Today, Facebook provided additional information on the data breach it disclosed last month. Whereas it initially said up to 50 million users might have been affected, it now reports that 30 million were impacted by the breach. By exploiting a system vulnerability, attackers were able to steal digital keys called access tokens from those 30 million users, and Facebook has now laid out how those users were affected. The company is also notifying those impacted, but if you don't want to wait to be notified, you can check if your account was affected through this link.
The 30 million users whose access tokens were stolen fall into one of three categories. The attackers accessed name and contact information for around 15 million users. But for another 14 million, those behind the attack were able to access all sorts of information including username, gender, location, language, relationship status, religion, hometown, current city, birthdate, education, work, places where they checked in or were tagged, website, people or Pages followed, recent searches and device types used to access Facebook. For the final one million, though their access tokens were indeed stolen, the attackers didn't access any of their information.
The notifications Facebook is sending out will reflect those three categories and describe what information was accessed. The company is delivering them to the top of users' News Feeds over the next three days, but again, if you don't want to wait, just check your status here.