Earlier this year, Facebook came under fire for sharing heaps of data for over 87 million users with Cambridge Analytica. As if the company wasn't already having a tough time regaining the trust of its user base, Facebook's now announced that information for around 30 million people was exposed during an attack it shut down in September.
Here's everything you need to know.
Between July 2017 and September 2018, attackers accessed Facebook and created a security vulnerability that allowed them to retrieve access tokens to take over people's accounts.
Facebook says it noticed "an unusual spike of activity" on September 14, and on September 25, determined that it was being attacked.
Within two days, we closed the vulnerability, stopped the attack, and secured people's accounts by restoring the access tokens for people who were potentially exposed.
Facebook originally estimated that up to 50 million users had their information exposed, but that number has since dropped down to around 30 million. Of that number, 15 million users had their name and contact info (phone number and/or email) compromised while another 14 million lost that and their gender, Facebook username, location, language, relationship status, hometown, religion, current area of residence, birthdate, devices used to access Facebook, work, education, and more.
For the remaining 1 million, Facebook says that no information was compromised.
This attack did not affect Facebook Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, any third-party apps, or developer/advertising accounts.
What's Facebook doing?
Facebook is working with the FBI to determine exactly how this happened, and per the official press release, the FBI's asked Facebook "not to discuss who may be behind the attack."
The 30 million affected users will see customized messages on the Facebook app and website to let them know what info of theirs was stolen, and the company's Help Center has also been updated with new information about the attack.
What can you do to protect yourself?
Facebook says it'll be reaching out to users to tell them what next steps they should take, but as always with these attacks, there are a few things you can do right now to ensure you're taking the right steps.
For starters, it's never a bad idea to reset your password when something like this happens. Also, if you're still not using a password manager or two-factor authentication, now's a good time to change that.
We may earn a commission for purchases using our links. Learn more.
I turned off my phone for a day and it was the best decision I made in 2020
The internet is great and useful for so many things. But a day without it was like a reboot inside me. You should try it.
Review: Dyson Pure Humidify + Cool is an incredible three-in-one system
Dyson's latest product combines a fan, air purifier, and humidifier into a single unit. The Pure Humidify + Cool has a premium design, delivers outstanding performance at both purification and humidification, and is an ideal product for the new work-from-home normal.
Don't delete your Oculus Facebook account if you want to keep your games
Nowadays, your Facebook account is your Oculus account. Make sure you don't delete it if you want to keep your games.
Keep your Samsung Galaxy Watch 3 looking stylish with a new band
If you recently purchasedthe new Samsung Galaxy Watch 3 or you're planning to do so soon, make sure you've got the right bands for it!