"From experience, breach notifications like this always tend to get worse as time goes on and information from investigations is shared with the public," said Jessy Irwin, the head of security at cybersecurity firm Tendermint. It has turned off the "View As" feature that the attackers exploited while it investigates. It has not determined if any specific locations or accounts were targeted. The company says it does not know if the affected accounts were misused in any way or if any user information was actually accessed. It's the largest hack ever for Facebook, a spokesperson said. It could have also impacted Instagram accounts that use the same login as Facebook, but Rosen said WhatsApp, which is also owned by Facebook, was not impacted. The attackers would have also been able to access third-party services or sites accessed with a Facebook login, Facebook's Guy Rosen said in a follow-up call with reporters on Friday, though it is not yet clear if they did so. All logged out users will receive a notification about the issue from Facebook, but it won't tell them if they were in the group of 50 million impacted or 40 million included as a precaution. Users do not need to take any additional security precautions or reset their passwords, said Facebook. The accounts of Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg were among the 90 million accounts forcibly logged out by Facebook. More than 90 million users were forcibly logged out of their accounts by Facebook and had to log back in on Friday for security reasons. The commission said it received the notification, but expressed concern with its timing and lack of detail. It has also informed the Irish Data Protection Commission about the breach, a step required by Europe's GDPR regulations. It also said it has already fixed the issue and informed the FBI and other law enforcement, as well as lawmakers and regulators. Facebook ( FB) said it does not know who the attackers were or where they were based.