According to a report from the Wall Street Journal, Facebook has concluded that spammers were behind the massive security breach that Facebook revealed about last month.
These spammers who were pretending to be a digital marketing company were in fact hackers and not a group of hackers who were working for any nation.
The security breach is currently under investigation by Facebook. The attackers used a feature called “View As” which had a vulnerability in it that allowed the hackers to steal the access tokens that can be used to access the affected accounts.
This feature allows a user to see how their profile looks like to the public and their friends. This feature, however, had a vulnerability in it that allows the attackers to exploit the code and steal the access tokens. The attackers further attacked the other accounts by using a technique to steal access token of the accounts that were already controlling.
This is the biggest security breach in the history of Facebook and originally, the Silicon Vallery company suspected that 50 million accounts were affected, however, later on, they reported that the personal information of about 29 million accounts was compromised.
Facebook is also working with the FBI on this issue and FBI has asked Facebook to not reveal anything about the investigation.
One of Facebook’s representatives said that:
“We are cooperating with the FBI on this matter. The FBI is actively investigating and have asked us not to discuss who may be behind this attack.”
[Source: the Wall Street Journal]