Facebook was recently hacked as the company says it recently discovered a security breach affecting nearly 50 million user accounts.
The hack is the latest setback for Facebook during a year of tumult for the global social media service.
The security flaw could have allowed 50 million accounts to be taken over by hackers.
In a blog post, the company says hackers exploited a bug that affected its “View As” feature, which lets people see what their profiles look like to someone else. That would let attackers steal the “access tokens” Facebook uses to keep people logged in. Possession of those tokens would allow attackers to “seize control” of user accounts, Facebook said.
“It’s clear that attackers exploited a vulnerability in Facebook’s code,” vice president of product management Guy Rosen said in a blog post.
“We’ve fixed the vulnerability and informed law enforcement.”
To deal with the issue, Facebook reset some logins, so 90 million people have been logged out and will have to log in again. That includes anyone who has been subject to a “View As” lookup in the past year.
Facebook says it doesn’t know who is behind the attacks or where they’re based. In a call with reporters on Friday, CEO Mark Zuckerberg said that the company doesn’t know yet if any of the accounts that were hacked were misused.