Facebook says it was a victim of a virtual attack and almost 50 million user accounts have been affected.
An engineering team at social media giant found the security breach on Tuesday, saying the attack allowed whoever was behind it to "steal Facebook access tokens which they could then use to take over people’s accounts."
Access tokens, according to Facebook, "are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app."
Engineers fixed the security issue by resetting the digital keys to the nearly 50 million affected accounts, in addition to resetting the keys to 40 million more accounts that were vulnerable.
If you were among the 90 million vulnerable accounts, you've been logged out and will have to sign in again. You do not need to reset your password, and once you're logged back in you'll receive a notification at the top of your feed explaining what happened.
It remains unclear if any of the 50 million affected accounts were misused or if any information was stolen.
"People’s privacy and security is incredibly important, and we’re sorry this happened," Facebook said in the release.
Who carried out the attack is unclear and the case remains under investigation.