Social media compnay, Facebook on Friday announced that up to 50 million accounts were breached in a security flaw exploited by hackers.
The company says hackers exploited the "view as" feature on the service.
The feature, described as a privacy tool, let user see how their own profiles would look to other people.
The social network giant said that it learned this week of the attack that allowed hackers to steal "access tokens," the equivalent of digital keys that enable them to access their accounts.
"It's clear that attackers exploited a vulnerability in Facebook's code," vice president of product management Guy Rosen said in a blog post.
We've fixed the vulnerability and informed law enforcement."
Facebook chief executive Mark Zuckerberg said engineers discovered the breach on Tuesday, and patched it on Thursday night.
"We don't know if any accounts were actually misused," Zuckerberg said.
"This is a serious issue."
As a precaution, Facebook is temporarily taking down the "view as" feature.