* Facebook says on Sept 25 its engineering team discovered security issue affecting almost 50 million accounts.

* Facebook says investigation is still in its early stages about latest security incident.

* Facebook says attackers exploited vulnerability in its code that impacted its “View As” feature.

* Facebook says since it just started the investigation, it has yet to determine whether these accounts were misused or any information was accessed.

* Facebook says co also does not know who is behind the attacks or where they are based.

* Facebook says attackers' exploitation of its code allowed them to steal Facebook access tokens that could be used to take over people’s accounts.

* Facebook says if it finds more affected accounts, it will immediately reset their access tokens.

* Facebook says fixed the vulnerability in Facebook’s code that impacted “View As” feature and informed law enforcement.

* Facebook says reset the access tokens of the almost 50 million accounts that it knows were affected to protect their security.

* Facebook says temporarily turning off its “View As” feature while conducting a security review.

* Facebook says also precautionarily resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year.

* Facebook says around 90 million people will now have to log back in to Facebook.

* Facebook says latest security incident stemmed from a change made to Facebook's video uploading feature in July 2017.