The latest hack of Facebook, which compromised 30 million accounts, was apparently pulled off by spammers rather than political agents.
In late September, the security team of the biggest social network discovered that a large number of digital access tokens were being downloaded. Facebook security tokens are pieces of data that let Facebook keep track of the devices on which accounts stay logged in. These tokens could be used to access the accounts and, hence, the personal details of the affected users. However, the attackers were only able to access a very limited set of information.
The investigation revealed that the attack was carried out for financial gain by a group of Instagram and Facebook spammers posing as a digital marketing agency. The spammers were able to scrape information on 29 million users, of which 15 million had their names and contact details accessed, while other details such as gender, language, relationship status, and religion were retrieved for 14 million. Only one million users remained unaffected by the attack.
The attackers were able to exploit a vulnerability in the View As feature, which allows users to see how their profile appears to other Facebook users. Speaking to Mashable, a Facebook spokesperson indicated that the social network is actively working with the FBI to track the attackers. At this point in time, the FBI has asked Facebook not to reveal the identity of the alleged attackers.