Facebook hack: How to find out if your data has been stolen

Around 29 million users' account details were stolen in major cyberattack

Adam Forrest
Saturday 13 October 2018 14:48 BST
30 million Facebook accounts have been stolen

Could hackers see the last friend you searched for on Facebook, or the last restaurant you ate in? According to the company, the answer is “yes.”

On Friday, the social network admitted email addresses, phone numbers and several other sensitive account details had been stolen from 29 million users in a major cyberattack.

If you want to find out whether or not your own account was breached, Facebook has sent out a series of messages to let you know.

The first thing to do once you are logged into your account is go to this help centre page. If you scroll down, you should find one of several possible messages.

Those affected by the hack will see a message explaining the kinds of information accessed.

Around 15 million people have had names, email addresses and phone numbers taken.

Another 14 million people have also had more “specific” data scraped by hackers, including hometown, current city, religion and relationship status.

Further details taken from this group of users include the last 10 places you checked into or were tagged in, and your 15 most recent searches on Facebook.

Another one million people had their account breached, but no details were accessed.

Anyone unaffected by the cyber attack should find a message in the help centre telling them their account details were not hacked.

Beyond learning what kinds of information the attackers accessed, there is relatively little hacked users can do - other than watching out for suspicious emails or texts.

There was some good news in the details released by the company on Friday - hackers were not able to access even more sensitive information like passwords or financial details. And third-party apps weren’t affected.

Facebook said the FBI is investigating the hack, but asked the company not to discuss who may be behind it.

The attacker initially had access to 400,000 user profiles, which was then used to steal “access tokens” for those accounts’ friends, using a major bug in the code that powers Facebook.

The company said it hasn't ruled out the possibility of smaller-scale attacks that used the same vulnerability.

Thomas Rid, a professor at the Johns Hopkins University, also said the evidence, particularly the size of the breach, seems to point to a criminal motive rather than a sophisticated state operation, which usually targets fewer people.

“This doesn't sound very targeted at all,” he said. “Usually when you’re looking at a sophisticated government operation, then a couple of thousand people hacked is a lot, but they usually know who they're going after.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in