On September 28, Facebook announced that as many as 90 million users may have had their "access tokens" - which keep people logged into their account, stolen by hackers. On Friday, the company reduced that figure to 30 million accounts whose phone numbers and email addresses were accessed in the largest security breach in the company's history.
Of the 30 million exposed, 14 million users had much more data harvested, including; "username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches," according to the company.
According to Facebook VP Guy Rosen, the FBI is "actively investigating" the breach, reports CNN, while Facebook took the unprecedented step of logging out 90 million accounts in response.
Facebook says the exploit has been around since July 2017 and wasn't patched until last month after company engineers noticed unusual activity which turned out to be from the hack.
How to check if you were hacked
To see if you were one of the 30 million hacked Facebook users, make sure you are logged into your account and click here to go to the Facebook help center.
Then scroll to the bottom of the page to a blue box which reads: "Is my Facebook account impacted by this security issue?"
If you have not been impacted it should say: "Based on what we've learned so far, your Facebook account has not been impacted by this security incident. If we find more Facebook accounts were impacted, we will reset their access tokens and notify those accounts."
Impacted accounts will see the following: