Social media company says those behind recent breach of high-level users' profiles 'mislead certain employees' to steal credentials