BLOG

On September 28, Facebook announced that as many as 90 million users may have had their "access tokens" - which keep people logged into their account, stolen by hackers. On Friday, the company reduced that figure to 30 million accounts whose phone numbers and email addresses were accessed in the largest security breach in the company's history

Of the 30 million exposed, 14 million users had much more data harvested, including; "username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches," according to the company. 

According to Facebook VP Guy Rosen, the FBI is "actively investigating" the breach, reports CNNwhile Facebook took the unprecedented step of logging out 90 million accounts in response. Notably, Facebook says that the FBI has asked them not to reveal who may be behind the attack. 

"We’re cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack," said Rosen. 

Facebook says the exploit has been around since July 2017 and wasn't patched until last month after company engineers noticed unusual activity which turned out to be from the hack. 

How to check if you were hacked

To see if you were one of the 30 million hacked Facebook users, make sure you are logged into your account and click here to go to the Facebook help center

Then scroll to the bottom of the page to a blue box which reads: "Is my Facebook account impacted by this security issue?" 

If you have not been impacted it should say: "Based on what we've learned so far, your Facebook account has not been impacted by this security incident. If we find more Facebook accounts were impacted, we will reset their access tokens and notify those accounts."

Impacted accounts will see the following: