If you're a Facebook user (and aren't we all these days?), you should definitely change your password today.

Several sources report that 533 million Facebook users' personal data, including phone numbers, names, locations, and even email addresses, was recently found in a free database made available by hackers. According to Bloomberg, Facebook says the data was actually stolen in 2019 when a security issue was exploited, and that the vulnerability was fixed.

That's probably not much comfort to those whose data was made available in the database, which was exposed by two security experts over the weekend.


Alon Gal with cybersecurity firm Hudson Rock shared details about the breach on Twitter, writing that he believes the information obtained by bad actors will be used for social engineering, scams, marketing, and more hacking. He also shared a breakdown of nations affected by the breach, which includes 32,315,282 users in the United States.

Troy Hunt, who created a website that allows users to search by their email or password to determine if either has been compromised, also took to Twitter to share information about the breach and call out Facebook's "absolute negligence" of user data.

"All 533,000,000 Facebook records were just leaked for free," Hunt wrote. "This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked."

Hunt posted a poll asking his followers if users' phone numbers should also be searchable on his site, haveibeenpwned.com. Most people voted in favor before the poll was removed.

So, what does this mean for you? According to Insider, it's possible that personal information you used to sign up for Facebook or submitted to fill out your user profile could be out there for thieves and scammers to pilfer for free. That can include your email, phone number, and even your bio.

Right now, the best step you can take to protect yourself is to change your password on Facebook and the email account you use to log in. Personally, I recommend you change those passwords every couple of months or so anyway, and that you do so for all your online accounts.

Security.org has a handy tool that can gauge how strong a potential password is. They recommend that your new password contain at least 16 characters mixing letters, numbers, and special characters like asterisks.

Even though they may be easier to remember, you really shouldn't use passwords that contain personal information or words that someone could easily guess based on your social media bio, status updates, or photos, like the names of your pets, kids, hometown, etc.

There are also password manager services that will protect all your passwords and alert you if any are compromised. Full disclosure: I've never used one of these services, so I can't tell you how effective they are. PC Mag has an article that reviews several of the most popular services.

In general, you should always avoid sharing personal information in fields that might be accessible to the public. Check your Facebook privacy settings to ensure that your posts and profile information aren't set to Public, and consider changing your settings so that only your friends can see what you post. Here's a guide on how to do that.

 
