MANILA, Philippines – Facebook’s year just got a whole lot worse as the social network falls victim to a massive hack involving a potential 90 million users. 

Exploiting a vulnerability in Facebook’s “View As” feature, the currently unidentified hackers were able to log into users’ accounts. Facebook said the hackers had been interested in users’ names, genders, and home towns, although the full scope isn’t yet known, and could be deeper than current damage estimations are. 

While Facebook continues to investigate, users are advised to protect themselves from further potential damage. Here are a few key steps to take:

1) Change passwords

Click here to go to Facebook’s security settings page.

Facebook said that hackers didn’t get people’s passwords, but given that investigations are still ongoing, it’s best to err on the side of caution. It’s not impossible that passwords may have been siphoned too. 

If you are using your Facebook password in other websites, replace those passwords too. This is a rule of thumb in any breach as there’s a chance that hackers have acquired personal identifying information, which they can use to find your other online accounts and try the password you’ve used. 

2) Turn on two-factor authentication 

If you haven’t yet, you really should, and there’s no better time than now. Click here to go to Facebook’s security settings page.

Hackers actually bypassed the security provided by two-factor authentication by going directly after users’ access tokens. But this is still an extra security layer that should be turned on either way until other better security measures are found. 

3) Log out of all devices your Facebook account is logged in

The old access tokens are compromised. You’ll need to log out to minimize the risk of being compromised via those access tokens. 

Go to this page to see where you’re logged in, and log out in all of them. There’s a button which logs you out of every device.  

4) Log out of all websites where you’ve used your Facebook profile to create an account. 

As tech website Wired noted, the breach may also potentially affect more than just Facebook because of the platform’s Single Sign-On service. Some sites or services where Single Sign-On works are Spotify, Grab, and Tinder. 

It is prudent to log out of all of them too, then just log in again. 

You can see a list of these sites where you’ve logged in on this page: 

For now, these are the things you can do to at least minimize further exposure to potential threats. Make sure to perform these before continuing to use Facebook if you decide to keep on using it. – Rappler.com