A hacker gained access to nearly 50 million Facebook user accounts by exploiting a weakness in the social network’s systems, Facebook said on Friday.

News of the cyber attack — which appears to be one of the most significant in Facebook’s history — sent shares of the company down roughly 3% in midday trading on Friday, adding to the pile of woes currently weighing on the company.

Facebook CEO Mark Zuckerberg hosted a conference call with journalists shortly after the news was announced, underscoring the severity of the situation.

“We do not yet know whether these accounts were misused but we are continuing to look into this and will update when we learn more,” Zuckerberg said in a blog post published on Friday.

The Silicon Valley tech firm said it discovered on Tuesday that an unknown attacker, or attackers, had taken advantage of a security flaw to take over users’ accounts. The flaw was related to the “View As” feature that lets people see what their own profile looks like through the eyes of another user, Facebook explained.

“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”

Facebook says it’s not yet clear who is behind the attack.

On the conference call, Rosen said that there was no evidence that users’ private messages had been compromised, but cautioned that that could change as the process continues. It’s also not clear on what grounds people were targered, or why.

Now tell us what you think!

Do you work at Facebook? Got a tip? Contact this reporter via Signal or WhatsApp at +1 (650) 636-6268 using a non-work phone, email at rprice@businessinsider.com, WeChat at robaeprice, or Twitter DM at @robaeprice. (PR pitches by email only, please.)You can also contact Business Insider securely via SecureDrop.

Now read: