The sad news
Could hackers have been able to see the last person you cyberstalked, or that party photo you were tagged in? According to Facebook, the unfortunate answer is ‘yes’.
On Friday, the social network said fewer users were affected in a security breach it disclosed two weeks ago than originally estimated — nearly 30 million, down from 50 million. In additional good news, the company said hackers weren’t able to access more sensitive information like your password or financial information. And third-party apps weren’t affected.
There’s nothing a user can do
Still, for users already uneasy about the privacy and security of their Facebook accounts after a year of tumult , the details that hackers did gain access to — gender, relationship status, hometown and other info — might be even more unsettling.
Facebook has been quick to let users check exactly what was accessed. But beyond learning what information the attackers accessed, there’s relatively little that users can do — beyond, that is, watching out for suspicious emails or texts. Facebook says the problem has been fixed.
Damage is been done already
The company set up a website that its 2 billion global users can use to check if their accounts have been accessed, and if so, exactly what information was stolen. It will also provide guidance on how to spot and deal with suspicious emails or texts. Facebook will also send messages directly to those people affected by the hack.
On that page, following some preliminary information about the investigation, the question “Is my Facebook account impacted by this security issue?” appears midway down. It will also provide information specific to your account if you’re logged into Facebook.
All info that have been hacked
Facebook said the hackers accessed names, email addresses or phone numbers from these accounts. For 14 million of them, hackers got even more data — basically anything viewable on your account that any of your friends could see, and more. It’s a pretty extensive list: user name, gender, locale or language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places you checked into or were tagged in, your website, people or Pages you follow and your 15 most recent searches.
No details on 1 million affected accounts
An additional 1 million accounts were affected, but hackers didn’t get any information from them.
The company isn’t giving a breakdown of where these users are, but says the breach was ‘fairly broad’. It plans to send messages to people whose accounts were hacked.
Facebook has fixed bugs
Facebook said the FBI is investigating, but asked the company not to discuss who may be behind the attack. The company said it hasn’t ruled out the possibility of smaller-scale attacks that used the same vulnerability.
The company said it has fixed the bugs and logged out affected users to reset those digital keys.