So Facebook just got pwned. Like, badly.
The company announced today that hackers obtained access to 50 million users’ accounts, and could use them as if the accounts were their own. But what does that mean for you? Was your account one of the ones affected, and, if so, what can you do to protect your account going forward?
While there remain a lot of unanswered questions about what data was stolen, and who is responsible, there are thankfully a few clear steps you can take to stop the bleeding. Whether it’s too late to really matter, well, that’s a different question.
1. Find Out If Your Account Was Affected
To determine how badly you should panic, it’s worth first finding out if your account was one of the 50 million in question. Unfortunately, there is at present no 100 percent sure way to know.
While Facebook logged out all the accounts that were hit, finding yourself suddenly booted out of Facebook apps and browser sessions isn’t a surefire way to know if a hacker was digging around in your profile. That’s because the company also logged out another 40 million accounts as a precautionary measure.
So, in other words, if you tried to log into Facebook this morning only to find that you strangely had to re-enter your password where before it had been saved, you might have been hit. But maybe not. If you didn’t have to do that, you’re probably safe.
Either way, there are some basic precautions you should consider.
2. Log Out Everywhere
The first thing you can do is log out of your Facebook account, everywhere. Like, every single place that it’s logged in — your web browser, the app on your phone, your iPad — everywhere. Facebook may have already done this for you, but, if it hasn’t, you should probably do this for yourself.
Why? Well, according to the company, hackers stole so-called access tokens — “the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app” — and used those to access victims’ accounts. Facebook has reset these tokens, but still suggests as a “precautionary action” people go ahead and log out everywhere.
Oh, also, the “investigation is still in its early stages.” So, in other words, there’s probably a lot that the Facebook security team doesn’t know at this point. Better to log out just to be safe.
If you’ve been logged out of your account and asked to sign back in, it’s because we’ve discovered a security issue and are taking immediate action to protect people on Facebook. Learn more https://t.co/XLcHGYFBu2
— Facebook (@facebook) September 28, 2018
To do so, head to the “Security and Login” section found in settings. There you will find an option to log out of all your sessions. Click it.
3. Your Password and Two-Factor Authentication
Importantly, Facebook explicitly says there is no need for you to change your password. And the company is probably correct. Again, though, the investigation of the hack isn’t yet complete.
So while you likely don’t need to change your password, this might be a great time to make sure you have a password unique to Facebook. This means that if your password is ever compromised on Facebook, none of your non-Facebook accounts will be vulnerable as a result.
What’s more, having a unique Facebook password means that if someone manages to get your email or, say, Twitter password, that person won’t then be able to automatically use it to log into your Facebook account.
And, for good measure, turn on Facebook’s two-factor authentication. Use an authenticator app.
4. Delete Your Account
Sick of all this Facebook garbage? Why not delete your account? After all, it’s pretty hard to hack your Facebook account if you don’t have one.
Mark Zuckerberg famously said that “we have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”
Maybe, just this once, he was right.
This article was originally shared on Mashable.