This may be the biggest cyber-security blunder of all time – and it's even worse than you thought...
FACEBOOK'S latest hack attack doesn't just affect the social network – but loads of other sites too.
If you use Facebook to log into other services – like Instagram or Tinder – then Facebook hack attackers may have stolen all of your profile info, photos, private messages and more.
On Friday evening, Facebook revealed that hackers were given access to 50million accounts.
This let them use your Facebook account "as if they were the account holder" – a shocking security gaffe.
But because of the way the hack worked, it also gave attackers the same level of access to any accounts you use Facebook to log in with.
So if you tied your Facebook to Messenger, Instagram, Spotify, Tinder and Airbnb, hackers will have been able to slip into those accounts too.
It's all thanks to a major screw-up in Facebook's website code.
When you log into websites like Facebook, you get given an access token.
Access codes are like digital keys that remind the website – and other linked services – that you're logged in.
That's why when you close the Facebook tab and open it up again later, you're still logged in.
If you have an access token, you don't need to enter your username and password – because it means you're already logged into the website.
But last June, Facebook added a new video uploader tool that introduced a major bug.
The bug allowed hackers to generate access tokens for absolutely anyone on the website.
Unsurprisingly, hackers used this bug to create access tokens for 50million users across the site.