Facebook has revealed 50 million accounts have been hacked, though it’s unclear how many UK victims there are.
In a post on the site last night, Facebook vice president of product management Guy Rosen said a security breach had been discovered on Tuesday.
The social networking site insists the problem is now fixed, but hackers potentially have victims’ passwords, dates of birth, emails and phone numbers.
Facebook hasn’t revealed whether any UK users were hit, or where the compromised accounts are based, only saying the hack affected almost 50 million of its more than two billion users. It said the attack could have given criminals access to data from other apps that people sign in to via Facebook.
It has reset the hacked accounts, as well as another 40 million accounts that have been subject to a ‘View As’ look-up in the last year (see below for what ‘View As’ is). As a result, about 90 million people have been automatically logged out of Facebook and any apps that use a Facebook login, and they have to log back in to access their account.
What should I do to protect my data?
While it’s not clear who exactly has been hacked, it is possible if you were unexpectedly logged out of your account this week that you may be a victim.
Facebook says no one needs change their passwords for the social media network, but to be safe you may want to do so, and change the passwords of other accounts where you use the same login credentials.
Also be aware that criminals may attempt to use the news of the data breach as an opportunity to trick people into revealing information, called a phishing scam. No genuine organisation will contact you asking for sensitive info, and beware clicking on any links in texts or emails purporting to be from Facebook.
See our 30+ Ways to Stop Scams guide for more help.
While the investigation is in its early stages, Facebook said the hackers had exploited a vulnerability in the ‘View As’ feature, which lets people see what their profile looks like to someone else. Essentially, it allowed hackers to access people’s data via that feature.