Facebook’s recently-disclosed security incident that exposed the data of some 30 million members was committed by spammers, not nation-state actors, according to a new Wall Street Journal report. Facebook has yet to officially identify who’s behind the hack, with the company’s VP of product management Guy Rosen telling reporters last week that it was following requests from law enforcement.
“We are cooperating with the FBI on this matter,” Rosen said during a conference call on the subject. “The FBI is actively investigating and have asked us not to discuss who may be behind this attack.”
A Facebook spokesperson declined to comment further Thursday.
The social media giant disclosed at the end of last month that it had become victim to a hack, and preemptively reset a total of 90 million accounts. Last week, the company followed up with further details, disclosing that hackers were able to steal personal information from 29 million accounts.
Data harvested by the hackers included “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches,” according to a company blog post.
The company said that it would notify account holders affected by the hack. Facebook users are also able to check whether they were victim of the intrusion by going to Facebook’s help pages.
The Journal reported Thursday that the hack was committed by a group of Facebook and Instagram spammers who have been associated with a digital marketing company. It’s unclear how the spammers were looking to exploit the harvested data; Facebook spokespeople said during previous briefings about the incident that the hackers had not posted any content to the service during the intrusion.