An attack on Facebook's network led to a breach affecting nearly 50 million of the social network's users, the New York Times reports.
On Facebook's blog, vice president of product management Guy Rosen wrote that the account was discovered on Sept. 25. It was based on the "View As" feature, which lets users see how their profiles appear to others.
The Times reports that it involved an exploit that allowed attackers to take over user accounts. Facebook told the newspaper that it doesn't know who the hackers are or where they came from, and that it has not "fully assessed the scope of the attack."
Facebook fixed the vulnerability and informed law enforcement, but also automatically logged out more than 90 million Facebook users to ensure only the actual users can get into their accounts. Rosen wrote that that includes "almost 50 million accounts we know were affected to protect their security," as well as another 40 million that were "subject to a 'View As'" in the last year.
"[I]f we find more affected accounts, we will immediately reset their access tokens," Rosen wrote. He also claims that "there’s no need for anyone to change their passwords," though doing so is never a bad idea.
This isn't the first security scandal Facebook has faced this year. In March, the Cambridge Analytica scandal broke, in which a data-mining firm got as many as 87 million Facebook users' personal information through a third-party app, some of which may have been used to craft and target ads for President Donald Trump's 2016 campaign. Since then, Facebook reduced what it shared with those apps, but it is still struggling to regain the trust of many users.