Sigh. Not again.

The stolen account details of more than 500 million Facebook accounts has been shared publicly on a hacking forum. For those affected, their private data could be acquired for free by more or less anyone and used for impersonation or fraud. That’s a lot more accounts than even the Cambridge Analytica scandal in 2018, just one of Facebook’s many privacy gaffes over the years.

Leaked details include Facebook IDs, full names, birthdates, locations, and user bios. In some cases email addresses and phone numbers have been compromised too.

The leak actually took place in 2019, with Facebook quietly acknowledging it at the time and assuring us the vulnerability that allowed it to happen has been fixed. But this is the first time the data has been shared so publicly and freely. It includes account details from all over the world, with around 32 million Americans and 11 million Brits affected. The leak has been verified by Business Insider.

There’s no indication of how far and wide the data has spread or whether it has been used for any nefariously purposes yet. There’s also no way to check if your account was definitely part of the leak – but it’s probably best to err on the side of caution and change your passwords.

If you’re not using one yet, consider getting a password manager to make your accounts more difficult to crack. If you’re using the same few passwords for every website, you’re only as secure as the weakest service you use. Here’s an excerpt from our guide to staying safe online:

Apple’s iOS has a password manager – iCloud Keychain – baked right in. It’ll provide secure passwords for new accounts, and your login details (and payment cards) are synced between your Apple devices. If you use other platforms, perhaps also use a third-party password manager. Plenty of options are available, all of which integrate very nicely with iOS. We recommend LastPass for a free option, and 1Password app as a premium and more feature-rich take.

While you’re at it, take a look at haveibeenpwned.com to see whether your email address has surfaced in any other major leaks recently. That way, you’ll know which accounts to prioritize when it comes to making new passwords.