The recent Facebook breach that hit 30 million accounts was caused by spammers — not by a nation-state attack group — according to a report by the Wall Street Journal. 

The attackers did not go after message contents or history. Instead, according to the Wall Street Journal, "…they accessed contact details—including phone numbers and email addresses—gender, relationship status, and search and check-in data belonging to 14 million users. For another 15 million users, only names and contacts were accessed…"

Why go after this sort of information and not dig deeper for more sensitive personal data? While Facebook has not publicly identified the hackers, citing on-going investigations involving the FBI, people familiar with the investigation are quoted by the Wall Street Journal as saying they are, "…a group of Facebook and Instagram spammers that present themselves as a digital marketing company, and whose activities were previously known to Facebook’s security team."

The reason the spammers want the information, according to Wired, has to do with the quality of phishing message that can be built with the granular data discovered in this breach. Whether the scammer is attempting to blackmail the user or just write a compelling spearphishing message, more data equals better results.

Responding to the latest news, Lawrence Pingree, executive vice president, product management, at SonicWall said, "The sheer amount of user data and personal information that the Facebook spammers gained access to is staggering. Though organizations may feel heightened tension around threats from nation states, this is a stark reminder that equally nefarious and damaging action can be done by the more common spammer."

Related content:

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.