Facebook on Friday disclosed its new security breach that has affected around 50 million accounts. Following an investigation, Guy Rosen, VP of product management told the publication house that the social network uncovered this breach on Tuesday and is still working on the full scope of the attack.

Furthermore, he added that the company has no idea about hackers till now but has already uncovered how the attack worked. They found that the unknown hackers exploited three facebook’s vulnerabilities. They corrupt facebook’s “view as” feature which enables you to see how your profile looks like to the public or a specific individual. For now, Facebook is resetting the tokens as a precaution for another 40 million accounts “that have been subject to a ‘View As’ look-up in the last year”.

“The exploited vulnerabilities are connected to a video-uploading function Facebook added in July 2017”, wrote in announcement.

The attackers even succeed in stealing Facebook access tokens — aka “digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” Rosen explained. If anyone gets approach to your facebook access token then he/she may easily take over your account and use it as if they were you. By exploiting the three bugs, the attacker even steals the access token of anyone you’ve ever friended on the platform.

Facebook executives also added a statement “No actual passwords were taken, so a password reset is not necessary. No credit card information was affected”.