Facebook October 2018 security breach: Everything you need to know

Facebook (Image credit: iMore/Rene Ritchie)

Earlier this year, Facebook came under fire for sharing heaps of data for over 87 million users with Cambridge Analytica. As if the company wasn't already having a tough time regaining the trust of its user base, Facebook's now announced that information for around 30 million people was exposed during an attack it shut down in September.

Here's everything you need to know.

The latest news

October 13, 2018: Find out if you've been affected by the October 2018 Facebook security breach

Facebook now has a dedicated page on its site to allow you to see whether your account was one of the 30 million affected by its most recent security breach.

Click here to see if you're Facebook account was affected

The page offers information about what happened and the current status of the investigation. At the bottom of the page, you'll see a special box with "Is my Facebook account impacted by this security issue?"

If you are signed in to Facebook, you'll see the status of your account and whether it was affected by the breach. If you don't see the box, sign in to your Facebook account and go back to the page.

Whether you've been affected by the most recent Facebook security breach or not, it's important to lock down your account in the most secure way possible, even at the expense of convenience.

Despite Facebook's irresponsible recommendation that "There's no need for anyone to change their passwords...," you should change your password regularly using a unique complex password.

Check out our comprehensive guide to Facebook, Privacy, and You

What happened?

Between July 2017 and September 2018, attackers accessed Facebook and created a security vulnerability that allowed them to retrieve access tokens to take over people's accounts.

Facebook says it noticed "an unusual spike of activity" on September 14, and on September 25, determined that it was being attacked.

Within two days, we closed the vulnerability, stopped the attack, and secured people's accounts by restoring the access tokens for people who were potentially exposed.

Facebook originally estimated that up to 50 million users had their information exposed, but that number has since dropped down to around 30 million. Of that number, 15 million users had their name and contact info (phone number and/or email) compromised while another 14 million lost that and their gender, Facebook username, location, language, relationship status, hometown, religion, current area of residence, birthdate, devices used to access Facebook, work, education, and more.

For the remaining 1 million, Facebook says that no information was compromised.

This attack did not affect Facebook Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, any third-party apps, or developer/advertising accounts.

What's Facebook doing?

Facebook is working with the FBI to determine exactly how this happened, and per the official press release, the FBI's asked Facebook "not to discuss who may be behind the attack."

The 30 million affected users will see customized messages on the Facebook app and website to let them know what info of theirs was stolen, and the company's Help Center has also been updated with new information about the attack.

What can you do to protect yourself?

Facebook says it'll be reaching out to users to tell them what next steps they should take, but as always with these attacks, there are a few things you can do right now to ensure you're taking the right steps.

For starters, it's never a bad idea to reset your password when something like this happens. Also, if you're still not using a password manager or two-factor authentication, now's a good time to change that.

Joe Maring

When Joe isn't acting as the News Editor for Android Central, he can be found helping out with articles here and there at iMore. He was last spotted at Starbucks surrounded by peppermint mochas. Have a tip? Send an email to joe.maring@mobilenations.com!