A few weeks back, Facebook admitted that the data of 50 million users had been accessed by hackers. To recall, the hackers abused a security hole in the “View As” feature on your profile, which lets you check whether your profile has private information visible to other people, friends, or the public. But the feature, which was designed to protect users' privacy, had a big bug that would actually temporarily log you in as the other user, and hackers figured out how to get a lot of information with that bug.
A few days after the news of the 50 million user data breach, Facebook announced that hackers stole access tokens for “only” 30 million people, not 50 million. Of those, the hackers were able to get the phone number and email address of 15 million people, and the username, gender, relationship status, religion, birthday, and a ton of other information, including things you’ve searched for, of 14 million people. No information was accessed for the remaining 1 million people.
The social media giant also said that of the 50 million people whose access tokens it believed were affected, about 30 million actually had their tokens stolen.
How to Know if You Were Part of Those 30 Million:
You can check whether you were affected by visiting the update page on Facebook’s Help Center and scrolling down to the bottom, where you’ll see a notice like this, which will indicate whether you were or weren’t hacked. As you can see, my account was not accessed.
Should I be concerned or just ignore this?
Yes, you should be concerned, whether or not your account is part of the data breach, because hackers steal information about you and then send you detailed threats to expose that private information if you don’t pay them.
Hackers were not able to steal any of your passwords and they did not use these access tokens to get into any other third-party accounts.
If you were affected, the main thing that you should consider is that information that was accessed about you could be used to answer security questions on other sites to reset your password. You should never use common facts about yourself as the answer to security questions, and if you have, you should change them.
And just like every other day of the week, it’s time to start considering using a password manager if you haven’t already. And to further protect your accounts, make sure you’re using two-factor authentication everywhere, even if it’s just the SMS variety.