The platforms, both owned by Meta, are two of the most used sites in the world.
Now users are being told that they may need to strengthen the security on their account after scammers attempted to steal information with phishing scams.
What has happened to passwords on Whatsapp and Facebook?
Meta have warned that users on both platforms could have been victims of “phishing” attack, which aims to steal information such as passwords by providing a fake login page.
Users of all Meta products including Whatsapp, Facebook, Instagram and Facebook Messenger were vulnerable to the phishing scams.
It comes after the company sued hackers who were using phishing scams to steal information from their users.
Facebook litigation director Jessica Romero said: “Phishing is a significant threat to millions of Internet users.
“Phishing attacks lure victims to a website that appears to be operated by a trusted entity, such as a bank, a merchant, or other service.
“The website, however, is a deception, a fake, and the site’s fake content is designed to persuade a victim to enter sensitive information, like a password or email address.
“We are taking this action to uncover the identities of the people behind the attack and stop their harmful conduct.”
What should I do if I think my account has been compromised?
Those who believe that they may have been the victim of a phishing scam are being asked to change their passwords immediately.
Many hackers will attempt to launch a phishing scam by sending unsolicited emails to users with links to a website disguising itself as a familiar site such as Facebook or Whatsapp.
In the future, you should only enter your login details on websites or apps that you have navigated to yourself, not those that you have clicked on through an email link.
Meta say that they believe one scheme, which was active last year, involved creating more than 39,000 fake sites.
Jessica continued: “We proactively block and report instances of abuse to the hosting and security community.
“And Meta blocks and shares phishing URLs so other platforms can also block them.”