Facebook is taking steps to protect its own users in the aftermath of an Adobe hack that affected tens of millions of customer accounts. The company is asking anyone that used identical login credentials across both services to change their Facebook password immediately. To identify users that may be at risk, Facebook's engineers are combing through a publicly posted database that contains details on millions of Adobe accounts. If a match is discovered, Facebook displays a message that alerts users of a "security incident on another website unrelated to Facebook." "Facebook was not directly affected by the incident, but your Facebook account is at risk because you were using the same password in both places," the warning reads.
If you're among those affected, you'll be asked to answer a few questions for verification purposes, after which you can enter a new (and hopefully unique) password. As an added security precaution, Facebook notes that "no one can see you on Facebook until you finish" with the password reset process. "We actively look for situations where the accounts of people who use Facebook could be at risk — even if the threat is external to our service," a company spokesperson told Krebs on Security.
Adobe has confirmed that data on at least 38 million accounts was compromised in the breach, though security experts worry that the total figure may be much larger. Choosing the same password for multiple websites is never a wise choice, so if your Adobe login was used in more than one place, you should probably consider updating those passwords.