Do a Device Audit

The best way to determine whether someone has gained improper access to your account is to do an audit of the devices that you have used to log into Facebook. On Facebook’s Security and Login page, under the tab labeled “Where You’re Logged in,” you can see a list of devices that are signed into your account, as well as their locations. If you see an unfamiliar gadget or a device signed in at an odd location, you can click the “Remove” button to boot the device out of your account.

Change Your Password

Facebook says that because it has fixed the vulnerability, there is no need to change your account password. But to be extra safe, you probably should anyway — especially if you use a weak password or saw any suspicious devices logged into your accounts.

If you decide to change your password, choose a complex one — and do not reuse a password you have used on a different site. Try creating long and complex passwords consisting of nonsensical phrases or one-sentence summaries of strange life events and add numbers and special characters, like: “My favorite number is Green4782#.”

To keep your passwords organized and easy to access, consider using a password-management app like 1Password or LastPass. These tools let you keep all your passwords in a digital vault that can be opened with one master password, and they can also automatically generate complex passwords.