So, what does this exactly mean? And why does it happen if Facebook isn’t the site whose passwords have been compromised? Here’s the scoop.
Once the exposed passwords are published on a website, there is a risk to ALL sites where you use the same password. Let’s say you use the very same passwords at sites A, B, and C. If the passwords of site A are publicly exposed, all the world’s criminals (and the good guys too!) now have access to your account at all three sites: A, B, and C. But only the hacked site A sends you an email, so you don’t bother to change the password at sites B and C.
When a hacker has access to your passwords at sites B and C, it’s not just bad for your private data, it actually puts all the users of sites B and C at risk, because having these passwords helps hackers decode other passwords at the same site. The technical explanation of this bit of wizardry is beyond the scope of this tip. Let’s just agree that it’s bad for everyone.
So Facebook has been proactive on this problem, and if their robots can access your Facebook using an exposed email/password combo from another hacked site, Facebook will put your account in a closet, and not let anyone in or out, until you change the password.
The moral of the story is NOT ONLY should you use a long, non-dictionary password that consists of upper/lowercase letters, numbers and symbols, you should NEVER, NEVER, NEVER use the same password at two different sites!