Facebook dropped a bombshell piece of news late this week revealing that its engineering team discovered a massive security issue affecting almost 50 million accounts. The flaw could have allowed hackers to access a user’s account by obtaining their unique security token.

According to the company, it has fixed the problem and alerted law enforcement. That last bit of information is notable, because it indicates that this wasn’t some loophole that Facebook discovered, but an actual attack. Facebook also said it will force about 90 million users to log back in to their accounts just to be safe. Additionally, Facebook shut down its “View As” feature, which lets you take a look at your own profile as seen by other users. Apparently, this tool was responsible for inadvertently revealing users’ security tokens.

“We do not yet know whether these accounts were misused but we are continuing to look into this,” Facebook founder and CEO Mark Zuckerberg wrote in a blog post on his personal Facebook page. “While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place.”

Facebook deserves some credit for being transparent about this problem, but Zuckerberg is right — security breaches this enormous should not still be happening to the world’s most popular social media platform.