Here's how to tell if your data was affected, and what that means for you.
Doubling back on previous assessments, Facebook said on Friday that hackers were able to access the private data of 30 million users through the security flaw revealed by the company last month.
Users' data exposed included an individual's email address, phone number, full name, birthday, location history, recent check-ins, hometown, current city, workplace, education, gender, people and pages followed, type of device used to access Facebook, and recent searches, among other information that could put these users at serious risk.
The Facebook report, nondescriptly titled "An Update on the Security Issue," did not say who might have been behind the attack or if particular demographics were targeted, but it did say it is working with the FBI to investigate the breach.
Sen. Mark Warner, D-Va., vice chairman of the Senate Intelligence Committee, said that search history and location history are "particularly personal information" that should not be freely accessible to anyone when users entrust that information to be private.
"With each new, high-profile privacy breach, it’s ever-clearer that Congress needs to establish some guardrails for social media platforms to protect consumer data while encouraging American innovation,” Warner said in a statement.
Among the 30 million users hacked (a number lower than Facebook's previous estimate of 50 million), different accounts experienced varying levels of the data breach.
Facebook says that 15 million of these users just had their full names and contact details (including phone number and email, etc.) exposed.
The company says that for a second group of 14 million, hackers accessed data including "username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or pages they follow, and the 15 most recent searches."
A third group of one million users had their access tokens and friends' access tokens stolen, but no other information exposed, Facebook said in the report.
Facebook says it plans to alert relevant users soon with customized messages describing how their data was affected.
Courtesy of Facebook Newsroom
"Tens of millions of people impacted by the Facebook data breach are likely to find that they have now become intertwined in systematic phishing campaigns that will persistently target them and the organizations they work for for a long time," Oren Falkowitz, CEO of security firm Area 1 Security, said in an email to NBC.
Experts worry the exposure of this data could render these users susceptible to a wide range of attacks for the rest of their digital lives, particularly phishing attacks that use targeted emails to trick users into giving up personal information like passwords.
"If your personal information was accessed, Facebook says it may allow third parties to 'create and spread spam' on and off of Facebook. Your email address and phone number are valuable information for scammers and spammers," Nicole Nguyen and Katie Notopoulous at Buzzfeed explain.
"They'll send you sketchy emails that say, 'You've won a free night at Some Hotel' or 'Your Facebook account has been hacked. Change your password now' to bait you into giving up more personal information or to lead you to a website."
Users' Information Stolen by Hackers Included:
- Email address
- Phone number
- Location history
- Recent places checked in to or tagged in
- Recent searches you've made
- Full name/username
- Relationship status
- Current city
- Type of device used to access Facebook
- People and pages you follow
You can find out if your account was affected by visiting Facebook's Help Center.
What should we do about the increasing amount of data breaches affecting social networks? Share your thoughts in the comments.