(Image source from: Al Jazeera)
The social media giant Facebook said it discovered a security breach affecting about 50 million user accounts.
Facebook on Friday said its engineering team found the security issue earlier this week, which stems from a change made to Facebook's video uploading feature in July 2017.
Facebook chief executive Officer Mark Zuckerberg said engineers discovered the breach on Tuesday and patched it on Thursday night.
"We don't know if any accounts were actually misused," Zuckerberg said. "This is a serious issue."
While the probe is still in its early stages, the company said hackers exploited the "View As" feature on the service.
"It's clear that attackers exploited a vulnerability in Facebook's code that impacted View As, a feature that lets people see what their own profile looks like to someone else," wrote Guy Rosen, vice president of product management at Facebook, in a blog post.
"This allowed them to steal Facebook access tokens, which they could then use to take over people's accounts. Access tokens are the equivalent of digital keys that keep people logged into Facebook so they don't need to re-enter their password every time they use the app."
To tackle the issue, Facebook reset some logins - 90 million people have been logged out and will have to log in again. That comprises anyone who has been subject to a View As lookup in the past year.
After they log back in, users will receive a notification at the top of their News Feed explaining what happened.
The View As feature will be temporarily turned off as they conduct a security review.
Facebook said it has taken steps to fix the security problem and alerted law enforcement but doesn't know who is behind the attacks.
Facebook has over two billion users across the world. Pursuing news of the security breach, the company's shares slumped more than three percent.
News broke early this year that a data analytics firm that once worked for the United States President Donald Trump's campaign, Cambridge Analytica, had gained access to personal data from millions of user profiles.
By Sowmya Sangam