This week, Pennsylvania Attorney General, Josh Shapiro, warned locals about the Facebook security breach that affected about 50 million users on the social media site. As previously reported, the breach was reported to the FBI and overseas officials, which resulted in about 90 million people being logged out of their accounts as a precaution.

This has been Facebook’s largest security breach in the 14 years of the company's existence. The attackers utilized special coding to gain access to users’ accounts and take control of them. Lawmakers have weighed in on the breach urging a thorough investigation to take place and for the findings to be open to the public so users stay informed.

“As my Bureau of Consumer Protection digs into this latest data breach at Facebook and investigates its impact on users across our Commonwealth, Pennsylvanians should take steps to protect themselves,” Shapiro said. “Facebook users should log out of signed in accounts, change your passwords and, most importantly, remember – never give money or personal information to anyone requesting it online or over the phone.”

Sign Up for E-News

The security breach could not have come at a worse time for the company after the scandal involving the British political consulting firm Cambridge Analytica gaining access to private information.

That scandal has caused users and lawmakers to question disinformation on Facebook affecting serious polls and elections. Lawmakers even have gone as far to say the government will need to step in if Facebook is unable to tighten security.

Shapiro was part of 41 State Attorney Generals who demanded answers from Facebook CEO Mark Zuckerberg back in March following the Cambridge Analytica scandal. It was revealed after investigating that nearly 3 million Pennsylvanians’ Facebook data was compromised during the scandal.

The September 25, 2018 breach, however, involved hackers utilizing three software flaws in Facebook’s system. Once they gained access, the hackers potentially could have gotten admittance to other apps connected with Facebook such as Spotify or Instagram.

Any app that allows you to connect through Facebook could have been compromised.  TAPinto estimates that more than 40,000 Lower Merion Residents may have had their data breached.

It is important to update passwords on any social media site or apps that may be connected through Facebook to avoid any exposure of private information. Shapiro gave his own set of tips to help social media users protect themselves. These tips include:


  • Do not give money, financial or personal information to anyone requesting it through Facebook or another online social media platform without first independently verifying the identity of the individual and their reason for needing the information.

  • Always log out of Facebook when not in use.

  • Change your password, make sure it is strong and continue to change it every six months.

  • Enable log-in notifications in your profile settings to alert you any time a log-in occurs from a new device.

  • Do not accept friend requests from people you do not know. Even if you do know the individual, the profile could be fake.

  • Monitor your credit card, banking, and other financial statements as you receive them for any suspicious charges.

  • Monitor your credit report by visiting the three major credit bureaus, Equifax, Experian, and TransUnion. You can access your report for free once a year at each bureau.


The breach is a harsh reminder that it is incredibly difficult to fully secure a system of over 2.2 billion users. This challenge increases with every third-party application Facebook connects with as well.

The investigation is in the earliest stages. Facebook has not released the identities of the attackers, or any information relating to them. They have not yet narrowed down the origin of the attackers or who they may have specifically targeted in the breach.

Shapiro recommends the following steps if you believe you’ve fallen victim to compromised personal information:

  • Contact your local police.

  • Freeze or close all affected accounts.

  • Change your PINs and passwords

  • Report it to Office of Attorney General at 1-800-441-2555 and the Federal Trade Commission at 1-877-ID-THEFT.

  • Freeze your credit until you feel confident the issue has been resolved and only unfreeze it when you are attempting to obtain new credit opportunities.

  • Contact the three major credit bureaus and place a “fraud alert” on your account:


TAPinto Lower Merion and Narberth is following the developing case.