clock menu more-arrow no yes mobile

Filed under:

Facebook now knows how many users were hacked last month: 29 million

The company had previously said as many as 90 million accounts could have been compromised.

Facebook CEO Mark Zuckerberg delivers a keynote address during the Facebook f8 conference on September 22, 2011, in San Francisco, California. 
Justin Sullivan/Getty Images

It’s been a rough year for Facebook.

The company announced Friday that hackers had gained access to 29 million personal accounts in a massive data breach two weeks ago. In nearly half of the cases, hackers were able to see details like their users’ relationship status, the area they live in and part of their search history.

This information was disclosed after the company initially told users that 50 to 90 million accounts might have been compromised, urging everyone who was forced to log out of the platform on Friday, September 28, to change their passwords. In a blog post Facebook published prior to the breach announcement, the company stated that it had identified a previously unnoticed vulnerability in its code, giving hackers the ability to steal users’ access tokens, which allow you to stay logged onto the platform for months at a time.

CNN reports that the FBI is “actively investigating” the breach, according to Guy Rosen, a company vice president. Rosen said the FBI has asked Facebook employees “not to discuss who may be behind this attack” or to share other details that may compromise the cyberattack investigation.

According to the most recent details, hackers could see the phone numbers and email addresses of 29 million users, and additional biographical information — including self-reported current city, education, work, people they follow, the last 10 places they were tagged in and the last 15 searches — of 14 million of those.

It’s just the latest example to drive home that private information shared online might not remain private. And the hack raises further questions about how well Facebook can protect users’ data.

Earlier this year, Facebook was at the center of controversy over its security systems again due to the Cambridge Analytica data breach, which affected 87 million accounts. Back then, Facebook CEO Mark Zuckerberg had said, “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”

This time around, Rosen took a step back and wrote in the blog post that “People’s privacy and security is incredibly important, and we’re sorry this happened.”

The latest data breach happened as many are questioning the role and influence of Silicon Valley in modern-day politics, wondering whether Facebook can responsibly exercise the power it holds over people’s everyday lives. From fake news, to targeted ads to now-commonplace data breaches, any change in Facebook’s practices, intended or not, can have major effects on the world.

For now, it’s probably a good idea to update your password.

“I feel like we’ve let people down and that feels terrible,” Zuckerberg told the New Yorker in a September piece. “But it goes back to this notion that we shouldn’t be making the same mistake multiple times.”

Sign up for the newsletter Today, Explained

Understand the world with a daily explainer plus the most compelling stories of the day.