Facebook Admits That Close To 30 Million Users Had Phone Numbers, Emails Hacked In Major Breach

Mark Zuckerberg makes a marketing statement.
Justin Sullivan / Getty Images

Facebook revealed on Friday that hackers accessed the data of around 30 million users, including their phone numbers and email addresses, CNBC reports.

The number now reported by the company is about 20 million less than they first announced back in September. The security breach allowed hackers to gain access to millions of people’s data — with 14 million users having their names, contact details, gender, relationship status, religion, birth date, and recent location check-ins exposed.

“We are still looking at other ways the people behind these attacks may have used Facebook, and we haven’t ruled out the possibility of smaller scale, low-level access attempts,” Facebook’s Vice President of product management, Guy Rosen, said.

“People’s privacy and security are incredibly important, and we are sorry this happened,” Rosen added.

For 15 million users, hackers managed to have access to two sets of information – their name and contact details. The latter would have been comprised of their phone number, email, or even both — depending on what they had linked to their profiles. For another 14 million people, the attackers targeted the same two bits of data, as well as other personal details people had placed on their profiles.

Said details included the aforementioned criteria as well as people or pages that compromised accounts followed, as well as their 15 most recent searches. Facebook also said that, for one million people at least, the hackers didn’t manage to access any information.

“Message content was not available to the attackers, with one exception. If a person in this group was a Page admin whose Page had received a message from someone on Facebook, the content of that message was available to the attackers,” Facebook said in a blog post.

Facebook also set up a website where its users can head to if they want to check whether their account was targeted or not, and if so, to what extent the breach impacted their personal information. Facebook said that the FBI is now investigating the security hack, and that the agency had asked them not to “discuss who may be behind this attack.”

The company claimed that the attack took place on September 14, and that it wasn’t detected until September 25. It took Facebook two days to fix the issue, and Rosen said users who were impacted will receive a note in the next few days notifying them of the breach.

As per a Hubspot analysis of the impacts of the breach, full 60 percent of respondents surveyed said that the breach would not cause them to halt their Facebook activity, or to delete their accounts.