How to check if you were affected by Facebook’s security breach

Facebook is notifying users that were affected by a data breach that occurred in September 2018 when millions of accounts were found to be vulnerable thanks to a series of exploits on the social networking platform.

In September 2018, Facebook discovered a bug in their “View As” feature (a feature that allows users to see their profile through the “eyes” of someone else) that allowed crooks to access accounts that didn’t belong to them, bypassing the account password. It was a zero-day exploit, meaning the bad guys knew about it before Facebook did.

* In the interest of avoiding any confusion, this has nothing to do with that viral message spreading between users that said “I got another friend request from you” that was baffling everyone. That was an inaccurate and misleading rumour. It has nothing to do with the September 2018 security breach. (You can read more about that here.) *

Facebook has been investigating the series of vulnerabilities that allowed crooks access millions of accounts, and has confirmed that crooks did manage to access a number of accounts as well as the information within them. In total, Facebook say around 30 million accounts were affected. Of those 30 million accounts…

…15 million had their email address, phone number (if added) and name exposed to the crooks.

…14 million had the above information exposed to the crooks as well as their username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.

…1 million affected accounts weren’t accessed at all.


Sponsored Content. Continued below...




How do I find out if my account was affected?

Accounts that were affected can expect a security update to appear when they access Facebook, examples are below. The specific message will depend on how significantly the account was impacted.

Alternatively, click here and scroll to the bottom and you’ll find out if Facebook believes your account was affected.

What to do if your account was affected?

If you don’t get a message from Facebook in the upcoming days, it is likely your account wasn’t affected by this breach. The breach didn’t compromise account passwords, so there isn’t any need to change your password as a direct result of this vulnerability. Credit card information wasn’t exposed, say Facebook.

However, if your account was compromised, the crooks have – at a bare minimum – your name and email address, and it is possible that this could mean a series of targeted scams could be initiated by the crooks (or anyone they sell your data to.)

Targeted scams are scams that can include personal information about you, the would-be victim, to make them more convincing. A basic example could mean a scam email will include your full name.

For many of the 14 million users that had significant information scraped from their accounts, crooks can get a lot more inventive to try and scam them by using their own information against them.


Sponsored Content. Continued below...




As such, it is extremely important for anyone affected by this security breach (or just everyone) to be extremely cautious of suspicious emails or phone calls. These can include emails that want you to click a link and enter your login details, or phone calls from anyone wanting you to login to your device or online accounts for any reason. Also, never give up important or sensitive information like credit card details, passwords or PIN codes through phone or email.

It is important to remember that just because someone contacts you claiming to represent a company or entity – be it through phone or email – it doesn’t mean they are telling the truth. If in doubt, hang up or don’t reply, and contact the relevant company/entity through their contact information listed on their official website or merchandise.

Keep an eye on important online accounts for suspicious activity, since it is possible that crooks may attempt to steal the identity of those who had substantial information exposed.

The more general advice is to just be especially aware of any type of suspicious activity you see on the Internet. If in doubt, seek help first.