The most massive hack in Facebook’s history happened last week. On late Friday, the social-media giant announced in a blog post that they discovered a cyber-security issue directly affecting nearly 50 million people, and causing problems to a total of 90 million people from all over the world. The affected Facebook users include US citizens.

Facebook learned about the issue on Tuesday last week and claimed to have resolved it by the end of Thursday. The hack forced Mark Zuckerberg’s team to reset the login tokens for another 40 million people ranking up the total of affected Facebook users to 90 million. While the first 50 million are known to have been directly affected, the token reset for the other 40 million has been done as a precaution by the social media conglomerate. As a result of the hack, roughly 90 million Facebook users have had to log back into Facebook, or any other apps that use the company’s login.

This means that if you’ve always been able to access your Facebook profile with only one click but over the last couple days you have been asked to suddenly type in a password when you are logging in from your phone, and you’ve seen a notification at the top of your News Feed explaining what happened, you are among the affected ones.

What happened?

A Facebook code vulnerability caused the data breach. Cybercriminals have been able to exploit the feature “View As” and steal Facebook access tokens. As you might already know, “View As” is a feature that lets Facebook users see what their profile looks like to someone else. The access tokens are similar to the digital keys that keep Facebook users logged continuously in so they don’t have to type in their password every time they want to access the app.

What was stolen?

Access to users’ Facebook accounts have been stolen, cyber-criminals have been able to get access to sensitive information such as the DOB of the affected people and their friends, Facebook activity history, full name, addresses and generally everything that you’ve shared on Facebook.

The incident has been reported to the authorities. Facebook apologized and confirmed that the breach has been massive and are still investigating that cause of the hack. It is currently unknown who is behind the attack and there is no concrete evidence about the country of origin of the hackers.

Should you change your password?

Facebook said that every affected platform user had been forced to log out and log back in. However, the social media platform confirmed that they are still investigating the issue and there might be new finding in the coming days. As a precaution, if you feel nervous, we advise you to change your password and keep changing it every three months. Sometimes it takes months, and even years, for companies to disclose data breaches. Last but not least, having an extra layer of security on all your connected devices is a must for everyone who is conscious about their online security.