More than two weeks after Facebook revealed a massive data breach, we still don't know who was using the flaw in its site to access information on tens of millions of users. Now the Wall Street Journal reports, based on anonymous sources, that the company believes spammers perpetrated the hack in an attempt to make money via deceptive advertising.
Facebook eventually said that about 30 million people actually had their login tokens stolen (you can see if your account was among them by checking this page), and said that the attackers took account details and contact information. Still, the paper said "internal researchers" believe the people behind it are existing Facebook and Instagram spammers who claim to run a "digital marketing company."
The lines between misinformation spread by nation-state sponsored trolls, shady analytics companies and spammers chasing trendy topics to make a buck have become increasingly blurred in recent years, so it's difficult to know if this adds up or if we'll ever know who exactly stole the information and where it ended up. Facebook VP Guy Rosen said on Friday that the company did not believe this attack was related to upcoming midterm elections, but other than indicating the FBI is also investigating, it hasn't publicly said anything else about who might have done it or why.