Twitter revealed personal information of 130 accounts was accessed by hackers in a widely-publicised attack last week with some of the data downloaded, raising further concerns over the company’s security measures.

In a blog on the latest findings around the cryptocurrency fraud-related hack on 15 July, Twitter admitted hackers were able to see personal data including email addresses and phone numbers, along with a possibility for “additional information” to have been accessed in some cases.

Attackers downloaded the information of up to eight users, containing account details and activity, and potentially also private direct messages, contacts and location history. Twitter said verified accounts were not affected by this.

The company explained the incident occurred after hijackers “manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections”.

It added hackers managed to reset passwords and log in to 45 of the accounts, and might have tried to sell some of the usernames.

User reaction was mixed, with some suggesting the hack was more widespread than an effort to raise Bitcoin contributions, and others calling for end-to-end encryption on messages and multi-factor authentication.

The attack reportedly prompted an investigation by the US Federal Bureau of Investigation (FBI) and officials in the State of New York.