Facebook have provided an update today regarding their investigations to the recent security incident where approximately 30 million Facebook users have had their account information accessed. Facebook have confirmed that the hackers used access tokens to gain access to this information.

What have Facebook learned so far?

On September 25th 2018 Facebook discovered that there were three bugs on their system, causing the hackers to obtain access tokens. These tokens allowed the hackers to obtain unauthorised account information from Facebook users. Facebook have confirmed that they acted quickly to secure the site and start investigating.


Potentially, there were 90 million accounts that could have potentially been affected, which meant that Facebook invalidated all of these access tokens as part of securing the site. However, there is no need for anyone to change their passwords.

All of these access tokens have now been invalidated, meaning that no further information can be obtained by the hackers. Facebook have announced that the investigation is still ongoing.

To find out if your information has been accessed, and if so, which information was taken then you’ll need to go to the Facebook help centre website and follow the instructions at the bottom of the website.