Facebook Reveals Only 30 Million Affected by Hack But Still Faces EU Fines

The social network posted a positive update on its data breach investigation. An hour, later DPC Ireland said its investigation on potential GDPR violations continues.
Loukia Papadopoulos

Last month, Facebook announced it had been the target of a data breach potentially affecting up to 50 million users. The news quickly made headlines around the world causing many to worry about their own accounts.

Facebook facing heavy fines

The social network apologized for the incident in a statement, explained the measures it was taking to protect possibly affected users and said law enforcement authorities had been alerted.

Despite this, EU privacy watchdog Data Protection Commission Ireland (DPC Ireland) announced it was investigating the data breach for possible violations of Europe's new General Data Protection Regulation (GDPR). If found guilty, Facebook was said to be facing fines of up to $1.63 billion

An update released

Now, Facebook has released an update on the breach investigation revealing the true number of users affected by the hack. Luckily, it seems to be better than initially assumed.

"We now know that fewer people were impacted than we originally thought. Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen," said the network's statement.


Facebook further outlined the numbers relating to specific information accessed. 15 million people had their names and contact details (phone number, email, or both) accessed by attackers and 14 million saw the same violation with additional info included such as username, gender, hometown, birthdate, 15 most recent searches and more.

1 million lucky users were completely untouched by the incident. Facebook revealed it was working with the FBI on the issue and that people could check whether they were affected by visiting the Help Center.

Most Popular

In addition, affected users will receive messages in the coming days with details on what information may have been accessed, as well as steps to take to protect themselves. The network also said Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, as well as advertising or developer accounts were not affected.

Investigation continues

An hour after Facebook released their update, DPC Ireland posted a Twitter statement saying the confirmation of a data breach meant it would continue its investigation into the social network. Meanwhile, Facebook has said it would continue to cooperate with the EU watchdog and other authorities to resolve the matter.




message circleSHOW COMMENT (1)chevron