Facebook today released new information regarding a data attack that compromised the personal data of 30 million users.

First reported on September 28 -- approximately three days after the full issue was allegedly first discovered -- a vulnerability in Facebook's "View As" feature allowed hackers to gain unauthorized access to private account information for personal user accounts.

It was originally estimated that 50 million users were impacted. That number has now been lowered to 30 million.

Here's the latest on the issue from Facebook, and how marketers should be prepared for what comes next.

The Latest Information From Facebook on the Data Attack

There were two key items in the update from Facebook today:

  1. The number of people affected: Facebook estimates that 30 millions accounts had their private data compromised, which is fewer than the original figure of 50 million.
  2. The nature of the personal data obtained by hackers.

Of the 30 million users affected by the incident, 15 million of them had two sets of information compromised: their names and their contact details. Information within the latter includes user phone numbers, email addresses, or both, depending on what each user disclosed on their profiles.

For another 14 million users, hackers gained those same two sets of information, as well as a plethora of personal details. These include:

  • Username
  • Gender
  • Locale/language
  • Relationship status
  • Religion
  • Hometown
  • Self-reported current city
  • Birthdate
  • Device types used to access Facebook
  • Education
  • Work
  • The last 10 places they checked into or were tagged in
  • Website
  • People or Pages they follow
  • Their 15 most recent searches

Users can see whether or not they were affected by the security issue here.

New York Times tech reporter Mike Isaac was one of the millions impacted back the attack, and shared the details of what affected users might see on Twitter.

Users who were likely not impacted might see this message on the aforementioned link:

Screen Shot 2018-10-12 at 1.28.41 PM

Facebook said today that the FBI is investigating the attack -- the latter has reportedly requested that the company not publicly discuss who might be behind it.

What Marketers and Businesses Should Know

Perhaps most troubling about the information revealed today is the nature of information scraped by hackers -- particularly user search and location history.

This is far from the first time Facebook has dealt with high-profile security issues. Over the past two years, the site has been repeatedly weaponized by foreign actors in coordinated misinformation campaigns. The personal data of 87 million of its users was improperly harvested by an app developer. 

Could this latest data attack be the last straw for users?

While 60% of the users we surveyed when news of it first broke said that the breach has not caused them to stop using Facebook, or delete their accounts -- these latest details might change their minds.

That number could remain steady, and we plan to measure it as news of these details continues to reach the public. But in the meantime, marketers might want to re-examine what their plans and strategies could look like with a drop in their Facebook audiences. 

According to earlier reports, Facebook Business Page engagement has dropped by an average of 50% over the past year. Combined with these latest events, some businesses might reevaluate how they use the site.

This is a developing story that we will update as more details emerge.

Originally published Oct 12, 2018 2:07:18 PM, updated December 11 2019