Facebook announces details of personal information exposed in major data breach

30 million users were affected by the breach

Social media giant Facebook has announced details of the personal information relating to millions of users that was exposed by a data breach in recent weeks.

In a blog post, the company said it has been “working around the clock” to investigate the security issue uncovered two weeks ago.

It said it has now established that 30 million users were had their personal data exposed – 20 million fewer than originally thought.

Guy Rosen, vice president or product management at the company said the attackers were able to access different levels of data for different groups among the exposed accounts.

For 14 million people, the attackers gained access to huge swathes of personal user information, including:

  • Names
  • contact details
  • Usernames
  • Gender
  • Language
  • Relationship status
  • Religion
  • Hometown
  • Current city
  • Birth date
  • Device type
  • Education
  • Work
  • The last ten places they checked in to or were tagged in
  • Websites, people or places they follow
  • 15 most recent searches

For a further 15 million, the hackers were able to access names, emails and phone numbers.

They were unable to access to any information relating to the final one million affected users.

FBI investigation

Facebook said it is “cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack.”

It said the attackers took advantage of three distinct software bugs in the social network’s ‘View As’ feature – which allows users to see what their profile looks like to other users.

The attackers were able to use the vulnerability to steal ‘access tokens,’ which they could then use to take over people’s accounts.

Access tokens are the equivalent of digital keys used to keep people logged in so they do not have to continuously enter their password every time they use the app. 


You can check whether your account was affected by visiting the Facebook help centre.

The company said it will continue to cooperate with the FBI, the US Federal Trade Commission, Irish Data Protection Commission and other authorities to protect against further attacks.