Facebook revealed today that hackers stole user data from nearly 30 million accounts, making it the largest security breach in the company’s history. This comes after Facebook initially reported the breach affected 50 million users.
Attackers accessed information such as birthdays, employers, devices used to access Facebook, current city, religion, education, and relationship status from 14 million users. For 15 million users, profile details like name and contact information—phone number, email or both—were taken.
Facebook said hackers leveraged a vulnerability in its code and implemented an automated technique to easily maneuver between about 400,000 accounts to steal access tokens — the digital keys that keep people logged in to Facebook.
“The attackers used a portion of these 400,000 people’s lists of friends to steal access tokens for about 30 million people,” explained Guy Rosen, VP of Product Management in the company’s statement.
This attack did not affect other Facebook applications like Messenger, Messenger Kids, Instagram, WhatsApp, or any other third-party apps.
Users can check if their account was impacted by visiting the Facebook Help Center.
The social media company plans to send customized messages to the people affected, detailing what information may have been accessed and steps they can take to protect their user information.
Facebook says they are working with the FBI to investigate the security breach and are looking into the possibility of smaller-scale attacks.