Several people warned Twitter CEO Jack Dorsey about oversight of the contractors and employees who are able to override users’ security settings since 2015, Bloomberg News reported, citing former employees with knowledge of security protocols.

While the concerns came to the forefront this month after 130 high-profile users’ accounts were hacked and used to promote a cryptocurrency scam, the security flaws have existed for years, to the point that in 2017 and 2018, some contractors deliberately looked into celebrity accounts, including Beyonce’s, under the guise of help-desk inquiries.

The people behind this month’s hack reportedly reached at least one company employee by phone to gain access to security information that in turn gave them access to Twitter internal user-support tools, people familiar with the investigation told the publication.

The company last week began requiring all employees to take an online security training course outlining common phishing techniques, and a spokesperson told the publication it regularly conducts security training “in line with our commitment to protecting the privacy and security of the people we serve.”

This week, Dorsey reportedly told investors Twitter “fell behind, both in our protections against social engineering of our employees and restrictions on our internal tools,” according to the publication.

Former security employees told the publication that Twitter management has failed to manage support staff and contractors’ access to sensitive information, leading contractors to find ways of accessing the data of everyone from celebrities to exes.