(RNN) - Facebook announced Friday that a security breach had affected around 50 million of its users accounts.
In a statement, the social media giant said its engineering team discovered the “security issue” Tuesday. The vulnerability has been fixed and law enforcement was informed, the company said.
“Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘view as,’ a feature that lets people see what their own profile looks like to someone else,” it said in the statement. “This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.”
Facebook said “access tokens” are the equivalent of digital keys, which keep people logged in so they don’t need to re-enter their password every time they use the app. The “view as” feature has been temporarily turned off for a security review.
They have yet to determine whether any private information was accessed or if accounts were misused, Facebook stated.
Facebook reset the access of the 50 million users, as well as an additional 40 million who had used “view as” in the last year. Those users will need to log back in to their accounts.
“People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened,” it stated. "There’s no need for anyone to change their passwords. But people who are having trouble logging back into Facebook - for example because they’ve forgotten their password - should visit our Help Center."
Anyone who wants to take the precautionary action of logging out should visit the “Security and Login” section in settings. It lists places people are logged into Facebook, with a one-click option to log out of them all.
Founder and CEO Mark Zuckerberg posted a similar notice on his Facebook page.