The large social network said it learned this week of the attack that allowed hackers to steal “access tokens,” the equivalent of digital keys that enable them to access their accounts.

“It’s clear that attackers exploited a vulnerability in Facebook’s code,” vice president of product management Guy Rosen said in a blog post. “We’ve fixed the vulnerability and informed law enforcement.”