This data was viewed on 29 million people, and now Facebook is offering a way to see whether your account was broken into and what information was seen. If you visit Facebook’s Help Center, a notice at the bottom will explain whether your account was affected. If it was, it’ll state what information was taken.
Of the 29 million users, 15 million had their name, email address, and phone number exposed (depending on what contact info was on their profile). For the other 14 million, that info was viewed along with additional profile info, including gender, religion, location, device info, locations you’ve been tagged in, and Pages you’ve liked. Another million users had access to their accounts stolen, but never used. The hackers did not post anything on users’ profiles, as far as Facebook currently knows.
If your account was accessed, Facebook says you don’t have to do anything to secure it at this point. Passwords weren’t stolen, so you don’t need to change yours. Instead, the hackers took account access “tokens” that let them log in. Facebook reset those tokens last month, which is why you might have found yourself logged out of your account one day in late September.
Guy Rosen, VP of product management, said that the company hasn’t seen evidence of the accessed data being spread or used. For now, it’s not clear what, if anything, there is for users to do about the fact that their information was accessed. The investigation is still ongoing, and it’s likely Facebook will have more concrete details to share later; the company says the FBI is also investigating.
Of course, if you’re fed up with the constant privacy issues, there is one thing you can do to make sure you’re safe in the future — leave Facebook behind.