Looking for a great deal?
Get ALL THREE of our new thank-you gifts when you donate $120.
This is a limited time offer – so act soon!
Last week, 90 million people had to log back into Facebook following a cyberattack.
Maybe you were one of them, and maybe you even took a minute to change your password. But this data breach goes way beyond Facebook, and it’s worth wading into the site’s thicket of privacy settings to see where else you might have been compromised.
The issue here is Facebook Login, a service that lets you access other accounts around the web without managing another password. If you’re logged in with Facebook, you’re logged in anywhere else. Attackers were exploiting a security flaw that gave them full access to 50 million Facebook accounts, meaning they could also get into connected food delivery apps, fitness trackers, ride-share services and much, much more, like this … Wi-Fi enabled sous-vide?
Facebook says there’s “no evidence” on its end that attackers improperly accessed any third-party apps, but the whole episode has inspired hand-wringing over just how much access we turn over to one service.
New York Times tech columnist Farhad Manjoo, for one, has sworn off Facebook Login for good.
“Like a trusty superintendent in a Brooklyn walk-up, Facebook offered to carry keys for every lock online. The arrangement was convenient — the super was always right there, at the push of a button. It was also more secure than creating and remembering dozens of passwords for different sites,” he wrote. “But the extensive hack vaporizes those arguments. If the entity with which you trusted your keys loses your keys, you take your keys elsewhere.”
But do you know just how many of your keys Facebook has? It’s easy to find out if you know where to look. It’s a few menus deep in your settings, which you can find way at the bottom of the hamburger menu. These screenshots are from the iOS app, but the Android version is similar enough.
To see which apps you log into with Facebook, now or in the past, go to settings, then “apps and websites,“ then “logged in with Facebook.“
From here, you can see all the apps you’ve logged into with Facebook, now or in the past. It’s especially useful to know about apps that have your credit card info. Messing with my Spotify playlists is one thing, but knowing that someone with access to my Facebook account could buy something on eBay is something else.
You can also see on this page what personal information each app gets from Facebook, like your profile picture and email address. You can also remove the login connection, but Facebook notes you’ll have to contact each company to ask them to delete that info. After you remove the login connection, you’ll probably have to reset your password on that service.
But if you’re not using Facebook to log into other apps, what should you use? Manjoo acknowledges that Facebook is better than simply using the same easy password for every site (guilty), and recommends a password manager with a strong master password. The Verge has a good guide.
But even if you do nothing else, you should still change your password. It can’t hurt.
If you’re a member of your local public radio station, we thank you — because your support helps those stations keep programs like Marketplace on the air. But for Marketplace to continue to grow, we need additional investment from those who care most about what we do: superfans like you.
Your donation — as little as $5 — helps us create more content that matters to you and your community, and to reach more people where they are – whether that’s radio, podcasts or online.
When you contribute directly to Marketplace, you become a partner in that mission: someone who understands that when we all get smarter, everybody wins.