NEW YORK (CBSNewYork) – The Federal Trade Commission is now investigating the latest scandal involving Facebook.

The data firm Cambridge Analytica is accused of improperly accessing the personal information of 50 million users. A former employee claims the company access the data without the users’ knowledge.

On Tuesday, the firm announced the suspension of CEO Alexander Nix, pending an investigation.

So how do you protect your privacy?

Roughly two billion people use Facebook, but it seems very few know the other apps within it that are lurking and watching, CBS2’s Reena Roy reported.

“Yeah, this is crazy,” one man said.

“Oh my gosh, there’s a lot here,” a woman agreed. “My shopping habits, my movies, my music.”

Roy had the same reaction when she opened her Facebook settings and found a long list of third-party apps, some she had never even heard of, looking at her personal information, including relationship status, photos, plus religious and political views.

“There’s third-party people who come in and are able to access user profiles and then harvest that data,” David Carnoy, executive editor of CNET.com, explained.

Some companies even got a look into Roy’s profile just because a friend of hers uses its app.

In turns out, many people opt into this kind of access when downloading apps without realizing just how much developers can see.

“You log onto Facebook and you always just like accept any of the security things, but you’re not really reading about what information they’re taking from you,” the woman said.

The good news is you can take away that access from developers, but you have to dig deep into your Facebook app to do so.

It’s not under security or privacy, like you might think. Instead, it’s under the Facebook “App Settings” page.

First, you go to “settings,” “account settings,” then scroll down to apps, click “logged in with Facebook,” then deselect any data you don’t want shared or delete the app altogether. Then, do the same under “apps others use,” so your friends can’t share your data either.

But to remove any existing information from the app’s servers, you have to report the app, then contact it directly.

Experts recommend frequently checking app permissions on social media sites, as privacy policies are constantly changing.