Facebook’s recent hack that affected around 30 million people may have been caused by spammers, rather than entities tied to certain nation states.
That’s according to a report on Thursday by The Wall Street Journal citing anonymous sources familiar with the social networking giant’s investigation of the hack. The report said that the group responsible for the attack on Facebook’s software infrastructure was a collection of spammers that Facebook security members have been following for an unspecified amount of time.
The spammers posed as an unnamed digital marketing company, the report said.
Facebook declined to confirm if the hack was caused by spammers.
“We are cooperating with the FBI on this matter.” Facebook vice president of product management Guy Rosen said in a statement to Fortune. “The FBI is actively investigating and have asked us not to discuss who may be behind this attack.”
Facebook first revealed the hack, likely the company’s biggest in its history, in late September and originally said that around 50 million people may have been affected. A few weeks later, however, Facebook lowered the number of people it believed were impacted to 30 million, many of whom had sensitive data like email addresses, phone numbers, relationship status, and birth-dates compromised.
Executives at the company told reporters that the attackers were likely sophisticated because they were able to discover three separate bugs within Facebook’s large software infrastructure. After discovering how the software flaws were interrelated, the hackers were able to launch an attack.
Facebook said it discovered the attack on Sept. 14 and remedied the situation on Sept. 27.
Get Data Sheet, Fortune’s technology newsletter.
The major hack came just months after Facebook’s Cambridge Analytica scandal, which also compromised user data but was not technically a hack. That data blunder had to do with an academic who built a Facebook quiz app to collect user data, and then sold that information, against Facebook’s data policies, to the Cambridge Analytica political consulting firm.
Facebook’s security researchers typically say that much of the company’s work safeguarding its systems is intended to help reduce the prevalence of spam and related malicious activities on the social network. With the plague of fake news generated by bad actors allegedly trying to influence the U.S. and other world elections, Facebook has said that much of its security efforts are also being heavily directed at preventing propaganda from spreading on its various services.