Marketplace is community-funded public service journalism. Give in any amount that works for you – what matters is that you give today.
Last week, 90 million people had to log back into Facebook following a cyberattack.
Maybe you were one of them, and maybe you even took a minute to change your password. But this data breach goes way beyond Facebook, and it’s worth wading into the site’s thicket of privacy settings to see where else you might have been compromised.
The issue here is Facebook Login, a service that lets you access other accounts around the web without managing another password. If you’re logged in with Facebook, you’re logged in anywhere else. Attackers were exploiting a security flaw that gave them full access to 50 million Facebook accounts, meaning they could also get into connected food delivery apps, fitness trackers, ride-share services and much, much more, like this … Wi-Fi enabled sous-vide?
Facebook says there’s “no evidence” on its end that attackers improperly accessed any third-party apps, but the whole episode has inspired hand-wringing over just how much access we turn over to one service.
New York Times tech columnist Farhad Manjoo, for one, has sworn off Facebook Login for good.
“Like a trusty superintendent in a Brooklyn walk-up, Facebook offered to carry keys for every lock online. The arrangement was convenient — the super was always right there, at the push of a button. It was also more secure than creating and remembering dozens of passwords for different sites,” he wrote. “But the extensive hack vaporizes those arguments. If the entity with which you trusted your keys loses your keys, you take your keys elsewhere.”
But do you know just how many of your keys Facebook has? It’s easy to find out if you know where to look. It’s a few menus deep in your settings, which you can find way at the bottom of the hamburger menu. These screenshots are from the iOS app, but the Android version is similar enough.
To see which apps you log into with Facebook, now or in the past, go to settings, then “apps and websites,“ then “logged in with Facebook.“
From here, you can see all the apps you’ve logged into with Facebook, now or in the past. It’s especially useful to know about apps that have your credit card info. Messing with my Spotify playlists is one thing, but knowing that someone with access to my Facebook account could buy something on eBay is something else.
You can also see on this page what personal information each app gets from Facebook, like your profile picture and email address. You can also remove the login connection, but Facebook notes you’ll have to contact each company to ask them to delete that info. After you remove the login connection, you’ll probably have to reset your password on that service.
But if you’re not using Facebook to log into other apps, what should you use? Manjoo acknowledges that Facebook is better than simply using the same easy password for every site (guilty), and recommends a password manager with a strong master password. The Verge has a good guide.
But even if you do nothing else, you should still change your password. It can’t hurt.
There’s a lot happening in the world. Through it all, Marketplace is here for you.
You rely on Marketplace to break down the world’s events and tell you how it affects you in a fact-based, approachable way. We rely on your financial support to keep making that possible.
Your donation today powers the independent journalism that you rely on. For just $5/month, you can help sustain Marketplace so we can keep reporting on the things that matter to you.