Facebook on Friday disclosed a breach of its network that affected nearly 50 million user accounts.
Rosen claimed the vulnerability has been fixed and security agencies have been informed.
As a precaution, Facebook is temporarily taking down the "View As" feature - described as a privacy tool to let users see how their own profiles would look to other people. The firm said that attackers had exploited the vulnerability, which leaked Facebook access tokens - the equivalent of digital keys - that gave attackers access to users' accounts.
In response to discovering the attack, Facebook reset the access tokens of the 50 million accounts it found to be compromised, which will require those users to enter their password to log back in.
The "View As" feature allows people to see their account as others view it.
"We also do a pre-emptive move to update the access tokens even for the 40 million accounts that were viewed via the 'View as' over the past year". Facebook also says there is no need to change your password. With your access token, an attacker could take over your account and use it as if they were you.
Facebook has more than two billion users worldwide. "After they have logged back in, people will get a notification at the top of their News Feed explaining what happened", Rosen said.
As they have just started their investigation, it is not known how many accounts, if any, were affected by this vulnerability.
It is believed that the latest security incident stemmed from a change made to Facebook's video feature in July 2017.
Cybersecurity reporter Brendan Bordelon said on Twitter that Facebook "discovered the vulnerability Tuesday, notified the Federal Bureau of Investigation and Irish DPA on Wednesday, fixed it on Thursday and notified us on Friday". "And we don't yet know who was behind these attacks and where they might be based". That means that roughly 90 million people have been logged out of Facebook and will have to log in the next time they visit.
The View As feature has been taken down. The engineers have also reset the access tokens to protect the security of the affected accounts.