Facebook is still trying to figure out how the hackers who compromised as many as 50 million accounts used them, including whether they obtained private data or made unauthorized posts.
"This is a really serious security issue," Mark Zuckerberg, the company's founder and chief executive officer, told reporters on Friday. While Facebook has already patched the flaw that the cyberattackers exploited, "we need to do more to prevent this from happening in the first place," he said. "We're going to keep investing very heavily in security going forward."
The Menlo Park, Calif.-based social media giant, already under scrutiny after the disclosure earlier this year that a consultant on President Trump's 2016 campaign improperly gained access to information on 87 million users, has notified the FBI and a European regulator about the breached accounts, executives said.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” Guy Rosen, Facebook’s vice president of product management, said in a statement on the incident. “We also don’t know who’s behind these attacks or where they’re based.”
Rosen told reporters the company also hasn't yet determined whether a specific geographic region was targeted, but noted that the investigation is still in its early stages.
Facebook discovered the problem on Tuesday, when the company realized that hackers had “exploited” a user option that “allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.”
The "View As" feature that was exploited, which allowed users to see how their privacy choices affected their profile's appearance to other people, has been temporarily disabled, executives said.
Facebook has reset the tokens for the 50 million affected accounts, as well as an additional 40 million accounts, which will require those users to log in again.
“This attack exploited the complex interaction of multiple issues in our code,” Rosen wrote. “The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.”
The company's shares fell 2.6 percent to $164.46 in New York trading on Friday, broadening their decline so far this year to 6.9 percent as Zuckerberg focuses on security improvements and artificial-intelligence algorithms that can help identify false or misleading content. The company said earlier in September that it's building a "war room" to prevent election-manipulation attempts like those in 2016, when Russian agents used the social media platform to influence and inflame American voters.
Facebook says it's blocking millions of fake accounts a day and has disabled a total of 1.3 billion between October 2017 and March.
"It's been a tough year" for the company, Adam Levin, the founder of identity-protection firm CyberScout and a former director of the New Jersey Division of Consumer Affairs, told the Washington Examiner. "By virtue of who they are and what they do, they're a target of hackers. If you wish to influence large bodies of people and access large amounts of data, there's nothing more delicious than a platform with billions of users."
Facebook's rapid disclosure of the breach shows that companies are recognizing the need to inform users immediately so they can protect themselves and their information, he noted. Last year, credit bureau Equifax was lambasted in Congress when it waited months to disclose that hackers had stolen personal identification data for 145 million people, nearly half the population of the U.S.
Corporate executives realize they're operating in a world where breaches have become a business certainty and "organizations will be held more and more to account," Levin said. "Even as consumers, we may not have done enough. We've been willing to sacrifice a great deal just to get access to whatever we wanted to do."