Facebook announced a major new security breach on Friday.

50 million users accounts were affected by the attack, in which attackers were able to take over users' accounts.

It's not yet clear who's behind the attack.

A hacker gained access to nearly 50 million Facebook user accounts by exploiting a weakness in the social network's systems, Facebook said on Friday.

News of the cyber attack — which appears to be one of the most significant in Facebook's history — sent shares of the company down roughly 3% in midday trading on Friday, adding to the pile of woes currently weighing on the company.

Facebook CEO Mark Zuckerberg hosted a conference call with journalists shortly after the news was announced, underscoring the severity of the situation.

"We do not yet know whether these accounts were misused but we are continuing to look into this and will update when we learn more," Zuckerberg said in a blog post published on Friday.

The Silicon Valley tech firm said it discovered on Tuesday that an unknown attacker, or attackers, had taken advantage of a security flaw to take over users' accounts. The flaw was related to the "View As" feature that lets people see what their own profile looks like through the eyes of another user, Facebook explained.

"This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts," Facebook's VP of Product Management Guy Rosen wrote in a separate blog post.

"Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app."

Facebook says it's not yet clear who is behind the attack.

On the conference call, Rosen said that there was no evidence that users' private messages had been compromised, but cautioned that that could change as the process continues. It's also not clear on what grounds people were targered, or why.

The revelation comes a day after a famous Taiwanese hacker publicly declared plans to delete Zuckerberg's Facebook account and to livestream the feat. Facebook representatives said on the conference call that they did not believe the cyber attack was related to the Tawainese hacker.

Do you work at Facebook? Got a tip? Contact this reporter via Signal or WhatsApp at +1 (650) 636-6268 using a non-work phone, email at rprice@businessinsider.com, WeChat at robaeprice, or Twitter DM at @robaeprice. (PR pitches by email only, please.) You can also contact Business Insider securely via SecureDrop.

Now read: