Facebook hack leaks data from 30 million users (UPDATE)

Facebook hack

Update: Facebook has just announced additional details on last month's data breach. The company now says that only 30 million accounts had their access tokens stolen instead of the 50 million they had originally believed, and of those 30 million, 15 million users just had their emails and phone numbers taken.

Worse, however, is that for 14 million unlucky users, the hackers were able to access both email info and phone numbers plus their "username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches" as well.  

Thankfully, 1 million users of the targeted attack had no data stolen at all.

In an updated post on Facebook's newsroom, the company says it's working with the FBI, who is actively investigating the situation, and therefore can't reveal who they believe were behind the attack.

Original story follows below...

Earlier this week Facebook discovered a breach in its security that compromised the data of nearly 50 million accounts. The announcement that the breach occurred was made on Friday and while authorities have been contacted, but Facebook has yet to discover where the attack came from or the full scope of it.

The breach was discovered by Facebook’s engineering team Tuesday morning and, according to a post on Facebook’s newsroom, the company says that 90 million users were forced to log out and log back in to verify their credentials. 

According to Facebook, the attackers used the “View As” feature that allows users to see what their account looks like to their friends, family members and complete strangers to “steal Facebook access tokens which they could then use to take over people’s accounts”.

After the breach, Facebook says it will disable that feature until it can conduct a thorough security review.

What information was taken?

At the moment, Facebook has yet to reveal what data was affected by the breach but says that it’s working to figure that information out.

It doesn’t help that the company isn’t sure who the attackers are or where the attackers came from. Those details, according to Facebook, are still under investigation.

“We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.”

Facebook has reset the access tokens for some 50 million accounts it knows were affected by the breach, alongside another 40 million other accounts that may have been affected.

For those worried they may be affected, Facebook is encouraging folks to visit the “Security and Login” section in their settings to log out of all the locations signed in with their account.

Nick Pino

Nick Pino is Managing Editor, TV and AV for TechRadar's sister site, Tom's Guide. Previously, he was the Senior Editor of Home Entertainment at TechRadar, covering TVs, headphones, speakers, video games, VR and streaming devices. He's also written for GamesRadar+, Official Xbox Magazine, PC Gamer and other outlets over the last decade, and he has a degree in computer science he's not using if anyone wants it.

Latest in Facebook
 Facebook social media app logo on log-in, sign-up registration page
How to delete all your Facebook posts
The Meta logo on a smartphone in front of the Facebook logo a little bit blurred in the background
Meta's new 'Link History' feature for the Facebook app isn't as protective of your data as it claims
The Meta Quest 3 in action
How much more data can Meta collect? Probably a lot, thanks to the Meta Quest 3 and Ray-Ban smart glasses
A laptop screen showing a Facebook Groups page
Scam alert: how to spot hoax posts in your Facebook Groups
Facebook
Facebook Messenger is losing a useful messaging feature soon
mother watching her daughter's activity online
Meta's new Facebook parental controls show social media still doesn't like responsibility
Latest in News
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough