Skip to main content

Hackers stole personal information such as phone numbers and e-mails from as many as 30 million Facebook users as part of the most significant security breach in the company’s history.

The social-media firm first disclosed the breach two weeks ago, at the time estimating that as many as 50 million accounts had been hacked by people who had exploited a complex series of bugs in the company’s software.

Facebook scaled its estimate of affected users down to 30 million in an update on Friday, but revealed that hackers had been able to access a wide array of personal details from millions of accounts.

Story continues below advertisement

Company officials said that they believe hackers used automated software to steal contact information from profiles of 29 million Facebook users and said that they would notify affected users about what information was stolen and how to protect themselves against suspicious e-mails, phone calls and text messages. Another one million users had their accounts accessed but no information was stolen.

For roughly half the users affected by the breach, 14 million accounts, hackers were also able to collect even more information, such as birth dates, relationship status, lists of friends, posts they had written, recent search history and geographic information from the past 10 locations that they had checked into or were tagged on Facebook.

The hackers could also read the names of private conversations on Facebook Messenger, but not the content of those messages, company officials said. However, hackers were able to read messages sent to users who were administrators of Facebook pages.

The security breach comes at a time when Facebook is already under fire over data-privacy lapses. On Thursday, the company said it had purged roughly 800 accounts and publishers that were sending out politically motivated spam about the coming U.S. midterm elections, sparking renewed controversy that Facebook is censoring political speech. U.S. federal investigators and the Securities and Exchange Commission are also investigating the social-media giant’s response to revelations that political consultancy Cambridge Analytica improperly collected information from millions of Facebook accounts earlier this year.

Company officials said that the hackers were not able to access information on third-party apps like Facebook-owned Instagram, or services that allowed their users to log in to their apps through Facebook. The company initially warned that third-party apps may have been affected by the attack.

The company said that it is co-operating with an FBI investigation into the security breach and that investigators had requested Facebook not to discuss who was behind the attack.

Company officials declined to say what countries the hackers had targeted, but described the security breach as a “broad” attack. Canadian users have reported having to unexpectedly log in again to their Facebook accounts after the security breach. The company said that it had reset the accounts of 90 million users as a precautionary measure.

Story continues below advertisement

“People’s privacy and security is incredibly important and we are sorry this happened,” said Guy Rosen, Facebook’s vice-president of product management. “We know we will always face threats from those who want to take over accounts or steal information.”

Irish data-protection authorities have opened an investigation into whether the security breach violated Facebook’s obligations under the General Data Protection Regulation, strict new European Union digital-privacy laws enacted earlier this year.

“Today’s update from Facebook is significant now that it is confirmed that the data of millions of users was taken by the perpetrators of the attack,” Ireland’s Data Protection Commission said in a statement on Friday. European authorities can fine companies as much as four per cent of annual global revenues for serious privacy lapses.

Report an error Editorial code of conduct
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • All comments will be reviewed by one or more moderators before being posted to the site. This should only take a few moments.
  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed. Commenters who repeatedly violate community guidelines may be suspended, causing them to temporarily lose their ability to engage with comments.

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.
Cannabis pro newsletter