Facebook now suspects it was criminal scam artists and not nation-state actors who compromised tens of millions of accounts in a major data breach that was discovered last month, according to the Wall Street Journal.

Citing individuals familiar with the breach investigation, the WSJ reported yesterday that Facebook believes the culprits are known social media spammers who fraudulently present themselves as a digital marketing company. Moreover, the company believes the perpetrators stole roughly 30 million user access tokens in order to bolster their deceptive advertising operations.

Facebook first detected a spike in unusual activity on Sept. 14, and confirmed the breach on Sept. 25. Three days later, the company disclosed its findings to the public, and the investigation has been ongoing.