This week there was a Facebook breach that affected 50 million users. Three days later, on Friday September 28, 2018, all of those users were forced to change their Facebook passwords. Even if you were not required to change your password, it's a good idea to do it anyway. Do it this weekend.
A Forbes article about the breach also recommends that you log out of any other web sites where you authenticate using your Facebook credentials. To access this information in Facebook, click apps and web sites, then logged in using Facebook. Remove the apps that you've used your Facebook account to log in to.
Go to settings and click security and login. Select the single-click option to log out of Facebook and every app or site where you are logged in using Facebook.
If you haven't enabled two-factor authentication on Facebook, do it today. Employ the same protection for any site holding sensitive information about you. This should include your email account (if multi-factor authentication is offered by your email provider), your banking and insurance web sites, your retirement and investment sites/apps, etc.
And, finally, if you are not using a password manager to store and encrypt all of your app passwords, start doing that today. LastPass, 1Password and KeyPass are just a few password managers available. Most have a free option. Writing down passwords and re-using them across various web sites or apps is a huge risk that is easily avoided by using password manager software.
For more information about the vulnerability that was exploited, see https://www.forbes.com/sites/kateoflahertyuk/2018/09/29/facebook-data-breach-what-to-do-next/#b7fe4852de35.