An Update on the Recent Security Issue

Facebook Business

On September 28, we shared our discovery of a security issue that allowed attackers to exploit a vulnerability to steal access tokens, which they could use to expose information in people's accounts. Upon learning about the attack, we closed the vulnerability, stopped the attack and secured people's accounts by resetting the access tokens for people who were potentially exposed.

Today, we're sharing details we've found about the attack that exploited this vulnerability, and what information may have been accessed.

This attack did not include Messenger, Messenger Kids, Instagram, Oculus, Workplace, WhatsApp, Pages, payments, third-party apps or advertising or developer accounts. Specifically, we have no evidence of the attackers creating or running ads, posting to Pages, updating admin settings or accessing the ad accounts, Business Managers or Pages of the people whose access tokens were stolen. In an abundance of caution though, you can consider following these steps to make your business account more secure.

You can check whether your account was affected by visiting our Help Center. In the coming days, we'll begin sending customized messages to each of the 30 million people affected to explain what information might have been accessed, as well as steps you can take to help protect yourself, including from suspicious emails, text messages or calls.

You can learn more about our findings in the Facebook Newsroom.

Learn More

Get Facebook Business news in your inbox.

Sign up for our monthly newsletter for the latest updates, insights, marketing trends and articles from Facebook.

Tags

Announcements