Some users of social media network Facebook on Friday filed a class-action complaint after the company announced that a recently-discovered security breach affected about 50 million accounts, Bloomberg reported.

The suit was filed in a federal court in Northern California soon after the company’s announcement. Personal information of users “was exposed due to a flaw in Facebook’s code that allowed hackers and other nefarious users to take over user accounts and siphon off personal information for unsavory and illegal purposes”, the complaint said.

Hackers exploited the “View As” feature on the website, Facebook said on Friday. The feature lets the user see how their profile looks to other people on Facebook. “This allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts,” the company said in a blog post. “Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”

The company said it had fixed the problem and informed law enforcement officials, besides resetting the access tokens of around 90 million accounts. It has also turned off the “View As” feature temporarily.