Facebook discovered a security issue that allowed hackers to access information that could have let them take over around 50 million accounts, the company announced Friday.
"This is a very serious security issue, and we're taking it very seriously," said CEO Mark Zuckerberg on a call with reporters.
Facebook shares, which were already down about 1.5 percent before the announcement, extended losses after the disclosure and ended down 2.6 percent.
The company said in a blog post that its engineering team found on Tuesday that attackers identified a weakness in Facebook's code regarding its "View As" feature. Facebook became aware of a potential attack after it noticed a spike in user activity on Sept. 16.
"View As" lets users see what their profile looks like to other users on the platform. This vulnerability, which consisted of three separate bugs, also allowed the hackers to get access tokens — digital keys which let people stay logged into the service without having to re-enter their password — which could be used to control other people's accounts.