The hackers who took over the accounts of around 130 people last week in an apparent bitcoin scam were able to access direct messages, Twitter said on Wednesday.
The hackers accessed 36 direct message inboxes, including one for an elected official in the Netherlands, Twitter said. Direct messages are similar to phone text messages, and are generally presumed to be private. The disclosure could cause users to lose faith in the service's ability to keep confidential messages from being read by outsiders.
Twitter's disclosure on Wednesday complicates an already murky picture about who the hackers were and what they were after.
The hackers were able to tweet from accounts for Democratic presidential candidate Joe Biden, former President Barack Obama and Tesla CEO Elon Musk, among other notable figures.
Although many of the most high-profile hacked accounts tweeted a scam asking for bitcoin, an analysis of cryptocurrency transactions showed that the account mentioned by the hackers only collected $121,000, which appears to be a low sum for what a historic hack that included inside access to a major social network.
Twitter said it did not believe that the hackers looked at DMs for any other elected official aside from the politician in the Netherlands.
Still, direct messages from these accounts and other prominent victims could contain non-public information or photos sent from or to major figures, which the hackers could choose to use or publicize at a later point in the future.
Twitter said last week that the attackers had downloaded takeout information using the "Your Twitter Data" tool for eight accounts.
The FBI is reportedly investigating the hack.