Facebook’s latest hack had the information of 29 million users scraped, but apparently by scammers wanting financial gain, rather than for political or ideological purposes.
The Wall Street Journal cited people familiar with Facebook’s internal investigation on the hack, who claimed those behind the attack were Instagram and Facebook spammers posing as a digital marketing company.
The incident has been under investigation since Sept. 25, when Facebook’s security team discovered someone downloading a large amount of digital access tokens from the social platform.
These tokens allow access to any part of a user’s Facebook account, but the spammers only accessed a limited set of information compared to what they could’ve taken. These spammers were motivated by money, rather than ideology, according to preliminary findings.
In the hack, 15 million people had their name and contact details (phone number, email, or both, depending on what people had on their profiles) accessed.
On top of that, a further 14 million users had other details like gender, locale/language, relationship status, and religion retrieved, on top of the previous data. One million users had no details accessed.
The people responsible behind the attack were able to exploit a vulnerability in the “View As” feature, which allows users to see how their profile looks to other people.
When contacted by Mashable, a Facebook spokesperson pointed to comments made by VP of Product Management, Guy Rosen, in a press call last Friday.
“We are cooperating with the FBI on this matter. The FBI is actively investigating and have asked us not to discuss who may be behind this attack,” he said.