The company has also reset the access tokens of the 50 million accounts that were known to have been breached, as well as 40 million accounts that have been subject to a "View As" look-up in the a year ago, as a precaution. Facebook has informed law enforcement agencies in the United States about the hack and are now investigating it.
Ireland's Data Protection Commission, which is Facebook's lead privacy regulator in Europe, said Saturday that it has demanded more information from the company about the nature and scale of the breach, including which European Union residents might be affected.
Facebook, however, doesn't know who was behind the attacks or where they're based. Julian Knight, a committee member, said: "It would be helpful to hear from Mr Zuckerberg, but I won't be holding my breath". Facebook has not offered details on what kind of data could have been compromised from third party apps.
That's why when you close the Facebook tab and open it up again later, you're still logged in.
Facebook is the largest social media platform in the world.
The BBC has asked Spotify and Tinder, both of which can be accessed via a Facebook log-in, whether their services have been affected as a result of the breach.
A spokesperson for Ancestry told CNN, "While Ancestry does support Facebook login for some functions, we always require an additional Ancestry username and password to access sensitive account functions such as downloading your DNA data, changing your password, changing your email address or accessing payment information".
We know of at least two high-profile victims in the data breach: Facebook CEO Mark Zuckerberg, and COO Sheryl Sandberg.
Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they do not need to re-enter their password every time they use the app. The "View As" feature has been temporarily suspended as the investigation by Facebook into the hack continues.
Facebook and sites like Google, Twitter and Tumblr are also accused of having allowed the spread through their networks of "fake news", including to manipulate public opinion ahead of the USA election in favour of Trump. The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.
Neither passwords or credit card information were taken, Rosen said.
The only way to actually avoid being caught up in this hack was to (1) not have a Facebook account, or (2) get lucky, and not be targeted by the hackers. The Facebook users have been suggested, in this matter, in view of recent reports that access tokens of 5 Crore users have been stolen by hackers.
Plaintiffs now fear that because of the Facebook breach their personal data may be easily accessible to hackers on the Dark Web. Preliminary investigation show these tokens were used to access posts, private messages or let the hackers post anything on the accounts.