Skip to main content

Facebook Inc. has tentatively concluded that spammers looking to make money, and not a nation-state, were behind the largest-ever data theft at the social media company, the Wall Street Journal reported on Wednesday.

The people behind the attack were a group of Facebook and Instagram spammers that present themselves as a digital marketing company, and whose activities were previously known to Facebook’s security team, the Journal reported, citing people familiar with the company’s internal investigation.

Last week, Facebook said that cyber attackers had stolen data from 29 million Facebook accounts using an automated program that moved from one friend to the next, adding that the data theft had hit fewer than the 50 million profiles it initially reported.

Story continues below advertisement

Facebook said in an e-mail to Reuters that it was co-operating with the Federal Bureau of Investigation on this matter.

The breach has left users more vulnerable to targeted phishing attacks and could deepen unease about posting to a service whose privacy, moderation and security practices have been called into question by a number of scandals, cybersecurity experts and financial analysts have said.

Facebook first disclosed the breach in late September and said it had fixed the issue soon after discovering it on Sept. 25.

Facebook said it was conducting an internal investigation into the incident and last week cut the number of affected users from its original estimate after investigators reviewed activity on accounts that may have been affected.

It had also notified the FBI, Department of Homeland Security, Congressional aides and the Data Protection Commission in Ireland, where the company has European headquarters.

Report an error
Tickers mentioned in this story
Unchecking box will stop auto data updates
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies