Facebook Breach Exposed Personal Data of Millions of Users
Hackers could find out your birthplace, religion, gender, and relationships. What you can do about it.
Facebook said for the first time that the data breach reported in mid-September exposed the personal information of millions of users, including where they live, when they were born, and what their relationship status is.
The company said Friday that 30 million users were affected by the breach, less than the 50 million first reported. But nearly half of those users, or 14 million, had sensitive information accessed, including their username and recent Facebook searches.
Some 15 million had only their names and contact details, either their email or phone numbers, exposed. No data was stolen from the remaining one million accounts that the hackers accessed.
Privacy experts say that such personal details can be just as important to consumers—and valuable to criminals—as financial data.
“People share very sensitive information through their Facebook and Messenger accounts,” says Justin Brookman, director of consumer privacy and technology for Consumers Union, the policy and mobilization division of Consumer Reports. “And unlike credit card numbers, Facebook can’t just issue new numbers.”
What Should You Do?
"People can check whether they were affected by visiting our Help Center," the new Facebook blog post says. In the next few days, victims of the attack should receive messages explaining what information the attackers might have accessed, as well as steps they can take to help protect themselves, including from suspicious emails, text messages, or calls.
Facebook says it logged users out of all affected accounts when the breach was first discovered, deleting the problematic tokens. However, to be cautious, other users can log out of their accounts and log back in again.
Many people may be logged in to the platform on multiple computers and devices, however. It's not enough to just log out from the pull-down menu on your home page, which would log you out on the device you're using. Instead, go to the “Security and Login” page on your account and look under “Where You’re Logged In.”
At the lower right is the option to “Log out of all sessions.”
This message will show up:
“This will log you out of Facebook from every device you’re currently logged in on. If you didn’t log in on any of these devices, we can help you secure your account.”
If any of the devices are unfamiliar to you, alert Facebook. Otherwise, just click Log Out. You’ll now have to use your password to log back in on your laptop and other devices you use to access the platform.
The breach also affected Facebook Login, a feature that allows users to log into third-party accounts for websites like The New York Times, Pandora, and Yelp. While Facebook says there's no evidence that attackers gained access to third-party apps, this may be a good time to consider whether you want to continue using this feature.
To determine which sites you're currently accessing with a Facebook Login, go to a computer and click on the downward arrow at the top right of your Facebook page and choose Settings > Apps and Websites > Active.
If you want to stop logging in to the site with Facebook, click on the box next to the app’s logo and select Remove.
Remember that this process may functionally delete your account so create a new login and password for each app before making changes and contact the website for help on retaining your data or settings.
If you want to continue using that third-party account, you'll need to log in with a username and password the next time you're using the site. Select a strong, unique password, and to make it easier to create and keep track of your new passwords, consider using a password manager.
The next step? Monitor your account carefully, looking for any unusual activity and report anything suspicious to Facebook immediately.
If you’ve stopped using Facebook regularly, CR’s Brookman suggests, you might want to consider deactivating or deleting your account to enhance your privacy and security. Otherwise, make sure you examine and adjust the platform’s settings to enhance your privacy.
How to Create Strong Passwords
Think your passwords are tough to hack? Think again. On the 'Consumer 101' TV show, host Jack Rico and Consumer Reports expert Bobby Richter show how to protect your most private information online.