The Facebook data breach was discovered on Tuesday afternoon after a company engineering team found that attackers exploited a vulnerability in Facebook’s code that impacted “View As,” a feature that allows users to see what their own profile looks like to someone else.

The vulnerability allowed attackers to steal Facebook access tokens—digital keys that keep people logged into Facebook without re-entering a password—which they could use to take over user accounts.

Law enforcement officials were notified immediately of the security breach, and Facebook is in the beginning stages of its investigation. Facebook has temporarily turned off the “View As” feature to conduct a thorough security review.

As a precaution, more than 90 million Facebook users were forced to log out of their accounts Friday morning. Facebook users will now have to log back in to Facebook, or any of their apps that use Facebook Login.

Facebook’s data-sharing and privacy practices have been increasingly under fire after concern surrounding the company’s involvement in the Russian disinformation campaign around the 2016 presidential election and the Cambridge Analytica scandal continues to grow.