Facebook eventually said that about 30 million people actually had their login tokens stolen (you can see if your account was among them by checking this page), and said that the attackers took account details and contact information. Still, the paper said "internal researchers" believe the people behind it are existing Facebook and Instagram spammers who claim to run a "digital marketing company."

The lines between misinformation spread by nation-state sponsored trolls, shady analytics companies and spammers chasing trendy topics to make a buck have become increasingly blurred in recent years, so it's difficult to know if this adds up or if we'll ever know who exactly stole the information and where it ended up. Facebook VP Guy Rosen said on Friday that the company did not believe this attack was related to upcoming midterm elections, but other than indicating the FBI is also investigating, it hasn't publicly said anything else about who might have done it or why.