Facebook is reviving a version of a privacy feature that it disabled last year after hackers exploited it to steal users’ access tokens – the keys that allow users to stay logged into Facebook without having to re-enter their password every time they use the app.

The stolen access tokens granted attackers access to all of the affected users’ data, including anything you can see, read, download or change when you log in to Facebook.

Facebook discovered the breach in September.

Initially, the company thought that 50 million accounts had been affected, and it reset another 40 million as a precautionary step. In October, it downgraded the number to about 30 million accounts – still a huge number of users whose phone numbers, emails and other information were compromised.