Social network's investigation blames fake advertisers

Oct 18, 2018 20:31 GMT

After originally estimating that 50 million users were affected by a security issue in the platform's "View As" feature, Facebook issued an update on September 28 saying that only 30 million users had their personally identifiable information and access tokens stolen in last month's security breach.

Facebook's VP of Product Management Guy Rosen said in a report that the attackers were able to steal Facebook access tokens by exploiting a bug in the "View As" profile feature, which lets users see their own profile as other users would see it.

Following an investigation conducted by an internal team of researchers, Facebook now reportedly believes that a group of spammers posing as digital marketers was behind the attack.

As reported by The Wall Street Journal, "Internal researchers now believe that the people behind the attack are a group of Facebook and Instagram spammers that present themselves as a digital marketing company, and whose activities were previously known to Facebook’s security team, said the people familiar with the investigation."

The report comes from anonymous sources because, as Rosen also stated, "We’re cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack."

The Wall Street Journal reports that Facebook's investigators think spammers camouflaged as advertisers were behind last month's hack

After the initial attack, Facebook reset the access tokens of all 50 million users it estimated as being affected by the hack, to protect their profiles' security.

The social network also reset another 40 million access tokens belonging to accounts that were detected as having used the "View As" feature during the last year.

According to Facebook's breach report, the actors behind the attack could have used the stolen access tokens to take over affected user accounts, because a valid token lets its holder use the Facebook app without having to re-enter the password each time.

Rosen also said in a previous security update that Facebook users can check whether their account has been affected by September's hack by going to Facebook's Help Center.