If you have a Facebook account, now would be a good time to check on it. The social media giant announced Friday that a Facebook hack last month compromised about 30 million users’ names, phone numbers, emails and other personal details.
According to a company blog post, attackers found a vulnerability in the code and used Facebook’s “View As” feature to steal access tokens designed to allow people to stay logged in. The Facebook hack eventually exposed the names and contact information for 15 million users.
But it gets worse.
The hackers also accessed nearly everything 14 million users had on their profiles. That may include “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches,” according to Facebook.
The hackers stole the tokens for, but did not access the data on, another 1 million accounts.
The site began investigating the Facebook hack after noticing activity pick up on Sept. 14. By Sept. 27, it had stopped the attack. On Sept. 28, it went public with news of the incident, logging out about 90 million users as a precaution.
Initially, Facebook said as many as 50 million people had been affected, though it decreased that number in Friday’s update. It also confirmed the FBI is involved — but has told it “not to discuss who may be behind this attack.”
Use the Facebook Help Center to See If You’ve Been Affected
Facebook says it’s going to start alerting everyone whose accounts were compromised “in the coming days,” but you can find out right now. Go to this Help Center page and scroll to the bottom, where it says “Is my Facebook account impacted by this security issue?”
Your answer should be there.