Update 1:39pm CT: After other researchers pointed to flaws in their methodology, Symantec removed the $1 million estimate from their analysis.

UPDATE: Symantec says it has removed the section with ad revenue estimates from its report. Good! I hope the company also notifies reporters who cited the $1m figure so they can remove this info from their stories and notify readers as well. https://t.co/kQloSOR22n — Craig Silverman (@CraigSilverman) June 5, 2019

The original story follows below.

A new study into the Internet Research Agency (IRA), the Russian troll factory that authorities say was behind an effort to sow discord among Americans online ahead of the 2016 election, found that the effort was vast, set up months ahead of the election, and at least one account may have made money off its efforts.

Symantec, a cybersecurity software company, released its findings on Wednesday after analyzing a set of data released by Twitter of content produced by the IRA, calling the data “a treasure trove of information on how the IRA’s propaganda campaign operated.”

The company found that the IRA used main accounts and auxiliary accounts that were used to amplify messages from other accounts. In total, Symantec said, there were 123 main accounts and 3,713 auxiliary accounts in the data released.

Some of the accounts were set up months in advance of the start of the IRA’s campaign, the company found, with the average time between an account being created and posting its first tweet about 177 days. The average amount of time accounts remained active was 429 days.

The company said some of the IRA accounts may have made money on the side using monetized URL shorteners. One account in particular could have made nearly $1 million, according to the company’s findings.

“While this propaganda campaign has often been referred to as the work of trolls, the release of the dataset makes it obvious that it was far more than that,” Gillian Cleary, a senior software engineer at Symantec, wrote in a blog post. “It was planned months in advance and the operators had the resources to create and manage a vast disinformation network.”

Cleary added:

“It was a highly professional campaign. Aside from the sheer volume of tweets generated over a period of years, its orchestrators developed a streamlined operation that automated the publication of new content and leveraged a network of auxiliary accounts to amplify its impact.”

You can read all of Symantec’s blog post about its findings here.

READ MORE: