Facebook says right around 50 million of its clients were left uncovered by a security imperfection.
The organization said assailants could misuse a helplessness in an element referred to as "View As" to pick up control of individuals' records.
The rupture was found on Tuesday, Facebook stated, and it has educated police.
Clients that had conceivably been influenced were provoked to re-sign in on Friday.
The imperfection has been settled, composed the association's VP of item administration, Guy Rosen, including every single influenced account had been reset, and in addition another 40 million "as a preparatory advance".
Facebook - which saw its offer value drop over 3% on Friday - has in excess of two billion dynamic month to month clients.
The organization has affirmed to columnists that the rupture would enable programmers to sign in to different records that utilization Facebook's framework, of which there are many.
This implies other real destinations, for example, Airbnb and Tinder may likewise be influenced.
The firm would not say where on the planet the 50 million clients are, however it has educated Irish information controllers, where Facebook's European auxiliary is based.
The organization said the clients provoked to sign in again did not need to change their passwords.
"Since we've just barely begun our examination, we presently can't seem to decide if these records were abused or any data got to. We likewise don't have the foggiest idea about who's behind these assaults or where they're based. "
He included: "Individuals' protection and security are fantastically critical, and we're sad this occurred."
The organization has affirmed that Facebook organizer Mark Zuckerberg and its head working officer Sheryl Sandberg were among the 50 million records influenced.
Facebook's "View As" work is a security highlight that enables individuals to perceive what their very own profile looks to different clients, clarifying what data is visible to their companions, companions of companions, or the general population.
Aggressors found various bugs in this component that "enabled them to take Facebook to get to tokens, which they could then use to assume control over individuals' records", Mr Rosen clarified.
"Access tokens are what might as well be called computerized keys that keep individuals signed in to Facebook so they don't have to reemerge their secret key each time they utilize the application," he included.
The rupture comes when the firm is attempting to persuade officials in the US and past, that it is fit for ensuring client information.
Facebook organizer Mark Zuckerberg said on a telephone call on Friday that the firm considered security important, even with what he said were consistent assaults by terrible performing artists.
Be that as it may, Jeff Pollard, VP and essential expert at Forrester, said the reality Facebook held so much information implied it ought to be set up for such assaults.
"Aggressors go where the information is, and that has made Facebook an undeniable target," he said. "The primary worry here is that one element of the stage enabled assailants to reap the information of a huge number of clients.
"This shows Facebook needs to make restricting access to information a need for clients, APIs, and highlights."
At the point when asked by the BBC, Facebook was not able to say if the examination would investigate why the bugs were missed, or in the event that anybody at the organization would be considered responsible for the rupture.