The Twitter cryptocurrency hack raised questions about the platform’s identity as a ‘safe space’ and has the company jumping through hoops to identify the root cause of the issue. In a new blog post, Twitter claims that the attack was a “phone spear phishing attack” that targeted a small number of the company’s employees.
Twitter explains that the hackers needed two things to launch a successful attack: first, access to the platform’s internal network, and second, specific employee credentials that granted them access to its internal support tools.
Investigation shows that not all of the employees targeted in the initial stages of the attack had access to account management tools. However, using their accounts, the hackers were able to breach Twitter’s internal systems and gain information about vital processes. This information allowed them to gain access to employee accounts that did in fact have those account management tools, enabling them to target “130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.”
After the attack, concern about the use of these access tools became widespread. However, Twitter argues that access to these tools is strictly limited and is only granted for valid business reasons. Moreover, the company says it has zero tolerance for misuse of credentials or tools, actively monitors for misuse, regularly audits permissions, and takes immediate action if anyone accesses account information without a valid business reason.
The attack has also led Twitter to significantly restrict access to these internal tools and systems to “ensure ongoing account security while we complete our investigation.” The company is also accelerating several of its pre-existing security workstreams and is working on further improving its tools. “We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams. We will continue to organize ongoing company-wide phishing exercises throughout the year,” Twitter added.