To change the link in the tweets they apparently compromised the ShortSwitch account used by the organization to shorten URLs when including links in tweets and posts, and to break into the aforementioned staff email accounts they likely resorted to phishing emails leading to fake Google Apps login pages.
"Some OFA staff were conducting business using Gmail email accounts, hosted through Google Apps for Business," say Symantec researchers.
According to information received by Mashable directly from the SEA, one of the compromised email accounts belongs to Suzanne Snurpus, one of the administrators of BarackObama.com.
The information contained in that account allowed them to access the control panel for the website and to deface one of its pages to, as well as the ShortSwitch account.
The compromise of the email accounts was made even easier by the fact that their owners didn't enable two-step verification, claim the hackers.
The organization has managed to wrestle back the compromised accounts from the attackers, and have restored the site and original links, but not before the tweets with the offending link were retweeted and shared many times on the two social networks.