WSJ: Spammers looking to make money were behind recent attack on Facebook

According to Facebook sources from The Wall Street Journal, the preliminary conclusion of an internal investigation within the company is that spammers are behind the recent attack, which took the data of 29 million people. They wanted to make money.

Facebook message to users

Sources with knowledge of the internal investigation tell the business newspaper that the attackers were not operating on behalf of a state. Those conducting the investigation within Facebook would believe that it is a group of Facebook and Instagram spammers, posing as a marketing company. This group would be known to the Facebook security team. The company has not yet released any information about the identity of the attackers, leading to speculation that they may be state hackers after valuable information.

The Wall Street Journal further cites Facebook’s recent announcement, saying that the attackers stole the data of 29 million people via stolen access tokens. 15 million people had access to their name and contact information, including phone numbers and email addresses, and the other 14 million had access to profile information such as gender, language, relationship status, religion, place of residence, education, work and the 15 most recent searches. According to the newspaper, it is striking that the attackers have not also stolen the content of messages between users, while this would have been possible.

Facebook said it would approach the affected individuals with a personal message. Earlier it appeared that the attackers had used a combination of three bugs to get their hands on a large amount of access tokens.