An attack on Facebook discovered earlier this week exposed information on nearly 50 million of the social network’s users, the company announced Friday.

The attackers exploited a feature called “View as” that lets users see their Facebook page the way someone else would. The attackers could then potentially use it to take over the accounts and use them exactly as if they were the account holders.

Facebook (FB) said it does not know who the attackers were or where they were based. It also said it has already fixed the issue and informed the FBI and other law enforcement, as well as lawmakers and regulators. It has also informed the Irish Data Protection Commission about the breach, a step required by Europe’s GDPR regulations. The commission said it received the notification, but expressed concern with its timing and lack of detail.

More than 90 million users were forcibly logged out of their accounts by Facebook and had to log back in on Friday for security reasons. Users do not need to take any additional security precautions or reset their passwords, said Facebook. All logged out users will receive a notification about the issue from Facebook.

The company says it does not know if the affected accounts were misused in any way or if any user information was actually accessed. It has not determined if any specific locations or accounts were targeted. It has turned off the “View As” feature that the attackers exploited while it investigates.

[more at cnn.com]