On Friday, Facebook said that hackers had stolen digital login codes that gave them access to nearly 50 million user accounts.

The hack – the worst security breach in the social network’s history – exploited three separate bugs, which allowed hackers to use Facebook's ‘view as’ privacy feature to trick the platform into giving them digital keys to user accounts.

What information did hackers get?

The short answer is “we don't know”. Affected accounts – at least 50 million of them – were essentially ‘open’ to hackers. That means all their posts, private messages, photos and videos were at their mercy. Technically, hackers could even have posted on affected users’ profiles, though Facebook has said that it has no indication of this “so far”.

The hack could also have broader repercussions, though, because Facebook login credentials can be used to log into several third-party websites and services – with data from those services potentially exposed to hackers.

What does that mean?

Many sites offer users the option of using their Facebook or Google logins to register for their services. This can be more convenient for users, who can just click through to log in to a new service, without having to fill in login forms or remember multiple passwords.

But Friday’s hack also exposes some of the potential risks of keeping all your user logins in one basket. Several popular sites, among them Tinder, Instagram and Spotify, allow users to log in using their Facebook accounts.

It looks like hackers technically had access to any data the 50 million affected users had with such services. We do not know if they secured a copy of that data, and if so, what they did – or plan to do – with it.

How do I know which services I have linked to my Facebook account?

All third-party services linked to your Facebook profile are listed in the ‘apps and websites’ section of your Facebook settings. From there, you can remove any which you feel are unnecessary. Remember that if you do so, you will be prompted to log in or register the next time you try to access that service.

What can I do now?

If you were one of the people Facebook believes were affected by the hack, you will have been automatically logged out of your Facebook account.

Even if you are not one of the 90 million who were logged out – 50 million were definitely hacked, with Facebook logging out a further 40 million as a “precautionary step” – you should log out of your Facebook account, and log back in.

The next thing you should do is check whether any other devices are logged onto your Facebook account, and log out of them. To do so, head to Facebook’s ‘security and login’ page.

Step three – ensure your Facebook profile is set to automatically alert you whenever an unrecognised login is detected. This, too, can be switched on from your ‘security and login’ settings page.

There’s one more thing you can do. Although Facebook says that login passwords were not affected, you may want to change your Facebook password too, for peace of mind. And if you have not done so already, be sure to activate two-factor authentication from your Facebook security settings. These two things are not strictly linked to last week's hack, but it's better to be safe than sorry.
