As many as 90 million Facebook users will have to log back into their accounts after the social network admitted on Friday that hackers had stolen the security tokens associated with 50 million user profiles.
As a precaution, Facebook has reset the security tokens for the 50 million accounts as well as for 40 million others.
The attackers exploited Facebook's systems through a flaw in the company's "View As" feature, the company said, which allows a Facebook user to view his or her own profile as a friend, the public or another third party might see it.
While Facebook is still conducting its investigation, the company said it learned that the hackers used the feature to steal the access tokens that allow a user to reopen Facebook without having to log back in.
The incident prompted Facebook to disable the "View As" feature for the time being, and users are not being asked to change their passwords.
"People's privacy and security is incredibly important, and we're sorry this happened," Facebook said in a blog post. It's why we've taken immediate action to secure these accounts and let users know what happened."