X

Facebook reportedly believes spammers were behind massive hack

Security breach exposed personal information for 29 million users.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
Photo by Jaap Arriens/NurPhoto via Getty Images

Facebook has tentatively concluded that spammers masquerading as a digital marketing company were behind the massive security breach revealed last month, and not hackers working for a nation-state, the Wall Street Journal reported late Wednesday.

Facebook has been investigating the hack, which it calls the biggest security breach in its history, since its discovery on Sept. 25. The social network originally suspected as many as 50 million user accounts were affected but now believes it compromised the personal information for 29 million users, including phone numbers and email addresses.

The breach stemmed from a vulnerability in Facebook's "view as" feature, which lets people see what their profiles look like to other people. Attackers exploited code associated with the feature that allowed them to steal "access tokens" that could be used to take over people's accounts. The attackers also used a technique that let them steal access tokens from the friends of the accounts they already controlled, expanding their reach.

Facebook has said it's working with the FBI, which asked it not to discuss who might be behind the attack or whether they were targeting anyone in particular. But it's also said there's no reason to believe the breach was related to the upcoming US midterm elections.

The company declined to comment on the hack Wednesday, reiterating comments made Friday by Guy Rosen, Facebook vice president of product management.

"We are cooperating with the FBI on this matter," Guy said. "The FBI is actively investigating and have asked us not to discuss who may be behind this attack."

The nine types of Facebook ads that Russian trolls paid for

See all photos

Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.

iHate: CNET looks at how intolerance is taking over the internet.