Facebook has now detailed whwhat was actually stolen in the breach it revealed two weeks ago. 30 million users, not 50 million as it initially estimated, had their access tokens stolen. 15 million of those had their name plus phone number and/or email scraped. 14 million had that info plus potentially more biographical info including “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.” The remaining 1 million users’ information wasn’t accessed.
Users can check Facebook’s Help Center to find out if their information was accessed, and Facebook will send customized alerts to those impacted detailing what was accessed from their account and what they can do to recover.
We’ll have more details shortly.