The hack, which Twitter over the weekend said was made possible when the attackers “manipulated a small number of employees and used their credentials” to log in and turn over access to 45 accounts, could have been much worse, a former employee at the social network told Reuters.

Even Twitter contractors at companies like Cognizant — which provides IT services — had the power to take over the most popular accounts on the site, according to the report.

Twitter declined to comment on that figure and would not say whether the number declined before the hack or since. The company is looking for a new security head, working to better secure its systems and training employees on resisting tricks from outsiders, Twitter said.

The FBI and other law enforcement authorities are also probing the attack, which hackers used to push a bitcoin scam.

More than 400 payments worth $121,000 flowed into three bitcoin addresses mentioned in the bogus tweets, according to Elliptic, a cryptocurrency analysis firm. The majority of the money came from Asia-based exchanges — including a single payment worth $42,000 — but about a quarter of the proceeds likely came from North American victims, Elliptic said.

The hackers reportedly paid a Twitter employee to help them carry out the attack.

With Post wires