On September 28, Facebook announced that as many as 90 million users may have had their "access tokens" - which keep people logged into their account, stolen by hackers. On Friday, the company reduced that figure to 30 million accounts whose phone numbers and email addresses were accessed in the largest security breach in the company's history.
Of the 30 million exposed, 14 million users had much more data harvested, including; "username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches," according to the company.
my facebook has been hacked. pic.twitter.com/JoKab0InG7— abijith ka (@abijith_ka) October 13, 2018
According to Facebook VP Guy Rosen, the FBI is "actively investigating" the breach, reports CNN, while Facebook took the unprecedented step of logging out 90 million accounts in response. Notably, Facebook says that the FBI has asked them not to reveal who may be behind the attack.
"We’re cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack," said Rosen.
Facebook says the exploit has been around since July 2017 and wasn't patched until last month after company engineers noticed unusual activity which turned out to be from the hack.
How to check if you were hacked
To see if you were one of the 30 million hacked Facebook users, make sure you are logged into your account and click here to go to the Facebook help center.
Then scroll to the bottom of the page to a blue box which reads: "Is my Facebook account impacted by this security issue?"
If you have not been impacted it should say: "Based on what we've learned so far, your Facebook account has not been impacted by this security incident. If we find more Facebook accounts were impacted, we will reset their access tokens and notify those accounts."
Impacted accounts will see the following:
If you're among those who were worst affected by the Facebook hack this is what you will see when you go to this link to check if your account was breached (you need to be logged into Facebook for this to work) https://t.co/vxXrD6K3WP pic.twitter.com/XiV5YRRArM— Donie O'Sullivan (@donie) October 12, 2018