Facebook says no fewer than 50 million of its users were left exposed by a security flaw.
The company said attackers were able to exploit a vulnerability in a feature known as “View As” to gain control of people’s accounts.
The breach was discovered on Tuesday, Facebook said, and it has informed police.
Users that had potentially been affected were prompted to re-log-in on Friday.
The flaw has been fixed, wrote the firm’s vice-president of product management, Guy Rosen, adding all affected accounts had been reset, as well as another 40 million “as a precautionary step”.
Facebook – which saw its share price drop more than 3% on Friday – has more than two billion active monthly users.
The company has confirmed to reporters that the breach would allow hackers to log in to other accounts that use Facebook’s system, of which there are many.