The people behind the attack were a group of Facebook and Instagram spammers that present themselves as a digital marketing company, and whose activities were previously known to Facebook’s security team, the Journal reported, citing people familiar with the company's internal investigation.
Facebook says no sign recent hack spread to other apps
Last week, Facebook said that cyber attackers had stolen data from 29 million Facebook accounts using an automated program that moved from one friend to the next, adding that the data theft had hit fewer than the 50 million profiles it initially reported.
Facebook said in an email to Reuters that it was cooperating with the Federal Bureau of Investigation on this matter.
The breach has left users more vulnerable to targeted phishing attacks and could deepen unease about posting to a service whose privacy, moderation and security practices have been called into question by a number of scandals, cybersecurity experts and financial analysts have said.
Facebook building a 'war room' to battle election meddling
Facebook first disclosed the breach in late September and said it had fixed the issue soon after discovering it on Sept 25.
Facebook said it was conducting an internal investigation into the incident and last week cut the number of affected users from its original estimate after investigators reviewed activity on accounts that may have been affected.
It had also notified the FBI, Department of Homeland Security, Congressional aides and the Data Protection Commission in Ireland, where the company has European headquarters.
COMMENTS
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ