Here's How To Check If Your Facebook Profile Was One Of The 30 Million Affected By The Hack

A new security notice returns different results depending on your account's level of exposure.

Facebook issued an update today about a major security breach it recently revealed. >>>Click Here<<< to see if you were included.

Mandel Ngan / AFP / Getty Images

Facebook announced on Sept. 28 that a serious data breach had affected 50 million accounts, and an additional 40 million accounts may have also been exposed. Attackers had stolen "access tokens" — the thing that lets you stay logged into your Facebook account and access other websites with Facebook login — and these tokens potentially gave them full access to people's accounts. Facebook reset all those access tokens, which meant 90 million accounts were logged out, and people had to log back in.

Today, two leaks later, Facebook issued an update saying that the breach was smaller in scope than it first thought — only 30 million accounts were affected, not 50 million — but that these users' emails, phone numbers, and other personal information were exposed, which is pretty bad news.

Here's how to find out if your account was affected, right now. First, click on this Security Notice.


Scroll down and you'll see a section that tells you if your account was affected.


Katie's was not affected. *phew!*

Here's what it says if your account WAS affected and you're one of the 15 million who had a limited set of data accessed:


Nicole's was affected. Sad. :(

Here's what it says if your account WAS affected and you're one of the 14 million who had a large set of data accessed:


An even smaller subset of users will see this, which says that Messenger conversation names and your friends list were also hacked:


While you don't necessarily need to change your password, it's always a good time to make sure it's a strong, secure one (and change it if it's not).

This security issue did not affect your password but it's not a bad idea to reset it anyway (and to turn on two factor authentication!).

Here's more information on using a password manager with a strong password generator, and using authentication apps, instead of SMS, for two-factor authentication.

If your personal information was accessed, Facebook says it may allow third parties to "create and spread spam" on and off of Facebook. Here's how to avoid being tricked by spam or a phishing attack:

Your email address and phone number are valuable information for scammers and spammers.

They'll send you sketchy emails that say, "You've won a free night at Some Hotel" or "Your Facebook account has been hacked. Change your password now" to bait you into giving up more personal information or to lead you to a website.

Don't respond to these emails or click on suspicious links. If you're unsure about whether an email from Facebook is legitimate, go to the Security and Login section of your Facebook settings, and at the bottom, click See recent emails from Facebook. Here's a guide to phishing emails and how to identify them.

You may also get phone calls and text messages from numbers you don't recognize, where the caller delivers a similar message. Don't respond to these messages or calls, and if they are seemingly coming from Facebook, your bank, or a person claiming to be a friend or relative in an emergency, verify the message through other means. Additionally, now would be a good time to add a PIN to your cellular account.



A BuzzFeed News investigation, in partnership with the International Consortium of Investigative Journalists, based on thousands of documents the government didn't want you to see.