Facebook believes that the hackers who gained access to private information of some 30 million users on the site were spammers looking to make money through deceptive advertising, the Wall Street Journal reported on Wednesday.
The findings so far suggested that the hackers were not affiliated with a nation-state, the Journal said, citing sources familiar with Facebook's internal investigation.
Internal researchers believe that the people behind the attack are from a group of Facebook and Instagram spammers who present themselves as a digital marketing company, according to the WSJ. Their activities were previously known to the tech giant's security team, the newspaper added.
Facebook did not immediately respond to CNBC's request for comment, sent outside office hours.
The company said hackers used 400,000 accounts under their control to steal access tokens of around 30 million Facebook users. Access tokens are used to log into Facebook accounts without needing to type in a password.
Facebook's vice president of product management, Guy Rosen, said in a blog post that the company saw an "unusual spike of activity" that started on Sept. 14, which prompted an investigation. On Sept. 25, Facebook determined that the surge was actually an attack and moved to fix the vulnerability.
"We're cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack," Rosen wrote.
Among the affected users, 14 million had their names, contact details and other sensitive information, including recent location check-ins, exposed. Another 15 million had just their names and contact data breached, while 1 million users only had their access tokens stolen. Facebook reset the access tokens for all of those users.
— CNBC's Salvador Rodriguez contributed to this report.