Social media superpower Facebook announced on Friday that millions of the company’s users have been victims of a data breach. According to Reuters, hackers cracked login codes for “up to 50 million” accounts in what is being called the worst security incident in the company’s history.

“This is a very serious security issue, and we’re taking it very seriously,” said Facebook CEO Mark Zuckerberg while speaking to reporters, according to CNBC.

In response to the security breach, several U.S. lawmakers called for an increase in personal data protection laws.

“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users,” said Senator Mark Warner, via a statement.

According to Reuters, this latest incident actually began in 2017, although the company only discovered the issue on Tuesday.

Hackers were able to utilize an error in the website’s “View As” feature, which allows users to view their profiles as the public sees them. According to CNBC, “three separate bugs” helped hackers obtain crucial “access tokens,” which are “digital keys” that allow users to remain logged into their accounts, even after closing the browser. Facebook reset the about 90 million users’ tokens on Friday as a precaution. The “View As” feature was also temporarily disabled.

According to Market Watch, users who were automatically logged out of their account on Friday morning were likely victims of the breach. Experts encouraged affected users to change their password as well.

“Because the extent of the hack is unknown, we recommend that everyone with a Facebook account updates their Facebook password, as well as any similar passwords that they use for other online accounts,” said Dashlane CEO, Emmanuel Schalit, while speaking to Market Watch. “Each of your online accounts should have a unique, complex password — this is especially true of accounts that contain sensitive personal information like social media accounts, banking accounts, and email accounts.”