By Joseph Menn, Katie Paul and Mark Hosenball
(Reuters) - Twitter Inc <TWTR.N> had stepped up its search for a chief information security officer in recent weeks, two people familiar with the effort told Reuters, before the breach of high-profile accounts on Wednesday raised alarms about the platform's security.
The FBI's San Francisco division is leading an inquiry into the Twitter hacking, it said in a statement, as more Washington lawmakers called for an accounting of how it happened.
The law enforcement agency said hackers committed cryptocurrency fraud after they seized control of the Twitter accounts of celebrities and political figures including Joe Biden, Kim Kardashian, Barack Obama and Elon Musk.
A day after the breach, it was not clear if the hackers were able to see private messages sent by account holders, although Twitter said it had no evidence that attackers had been able to access passwords.
The company said in a statement that it was continuing to lock accounts that had changed passwords in the past month, but said "we believe only a small subset of these locked accounts were compromised." Twitter declined to comment on the job search.
In a sign of how much the attack unnerved U.S. lawmakers, both Democrats and Republicans showed rare bipartisan agreement that Twitter must better explain how the security lapse happened and what it was doing to prevent future attacks.
"This hack bodes ill for November balloting," U.S. Senator Richard Blumenthal, a Democrat, said in a statement scolding Twitter for "its repeated security lapses and failure to safeguard accounts."
Echoing a similar sentiment, Representative Jim Jordan, the top Republican on the House Judiciary Committee, asked what would happen if Twitter allowed a similar incident to occur on Nov. 2, a day before the U.S. presidential election.
Jordan said he remained locked out of his Twitter account as of Thursday afternoon.
President Donald Trump, a prolific Twitter user, was planning to continue tweeting and his account was not jeopardized during the attack, spokeswoman Kayleigh McEnany said.
The White House had been in "constant contact with Twitter over the last 18 hours" to keep Trump's Twitter feed secure, she said.
Twitter said hackers had targeted employees with access to its internal systems and "used this access to take control of many highly-visible (including verified) accounts."
Other high-profile accounts that were hacked included rapper Kanye West, Amazon.com Inc <AMZN.O> founder Jeff Bezos, investor Warren Buffett, Microsoft Corp <MSFT.O> co-founder Bill Gates, and the corporate accounts for Uber Technologies Inc <UBER.N> and Apple Inc <AAPL.O>.
The company, which has been without a security chief since December, said the hackers conducted a "coordinated social engineering attack" against its employees.
Several security experts researching the case said that they believed the hackers were primarily interested in prestige Twitter accounts with one- or two-digit handles, such as @6.
Such accounts were among the first ones hacked Wednesday, even before the bitcoin requests, and control of handles was advertised in one forum for enthusiasts of accounts active since Twitter's early days.
Access to the employee tool could have spread beyond that group.
In an extraordinary step, Twitter temporarily prevented many verified accounts from publishing messages as it investigated the breach.
The second and third rounds of hijacked accounts tweeted out messages telling users to send bitcoin to a given address in order to get more back. Publicly available blockchain records show the apparent scammers received more than $100,000 worth of cryptocurrency.
As of Thursday, Twitter was continuing to block tweets containing the bitcoin addresses the scammers had used. Facebook Inc <FB.O> appeared to have enabled a similar security feature on its Messenger service temporarily on Wednesday, but did not respond to queries on whether it had also been targeted in the attack.
Twitter's shares fell a little more than 1% on Thursday.
CEO Jack Dorsey said on Wednesday that it was a "tough day" for everyone at Twitter and pledged to share "everything we can when we have a more complete understanding of exactly what happened".
Dorsey's assurances did not assuage Washington's concerns about social media companies, whose policies have come under scrutiny by critics on both the left and the right.
Frank Pallone, a Democrat who chairs the House Energy and Commerce Committee that oversees a sizeable portion of U.S. tech policy, said the company needed to explain how the hack took place.
The U.S. House Intelligence Committee was in touch with Twitter regarding the hack, according to a committee official who did not wish to be named.
(Reporting by Joseph Menn, Katie Paul and Mark Hosenball; Additional reporting by Ayanti Bera, Aakash Jagadeesh Babu and Subrat Patnaik in Bengaluru; Elizabeth Culliford and Paresh Dave in San Francisco; and Raphael Satter, Nandita Bose, David Shepardson, Diane Bartz and Jeff Mason in Washington; Editing by Lisa Shumaker and Christopher Cushing)