Facebook on Friday disclosed a security flaw which could have allowed 50 million accounts to be taken over by hackers.
The large social network said it learned this week of the attack that allowed hackers to steal “access tokens,” the equivalent of digital keys that enable them to access their accounts.
“It’s clear that attackers exploited a vulnerability in Facebook’s code,” vice president of product management Guy Rosen said in a blog post.
“We’ve fixed the vulnerability and informed law enforcement.”
In a blog post, the company says hackers exploited its “View As” feature, which lets people see what their profiles look like to someone else. Facebook says it has taken steps to fix the security problem and alerted law enforcement.
To deal with the issue, Facebook reset some logins, so 90 million people have been logged out and will have to log in again. That includes anyone who has been subject to a “View As” lookup in the past year.
Facebook says it doesn’t know who’s behind the attacks or where they are based.
The hack is the latest security headache for Facebook, which has been dealing with political disinformation campaigns from Russia and elsewhere since 2016.