The data breach Facebook disclosed two weeks ago isn't as bad as the company first thought, with the number of affected users now dropping from 50 million to 29 million following a more thorough investigation, Product Management VP Guy Rosen said Friday.
In a statement, Facebook said that hackers accessed the name, contact details and other information of the accounts of 14 million people.
To determine if a user's Facebook account was compromised by the hack, Facebook debuted a support page that tells people whether they were impacted and what kind of data may be leaked.
Facebook cut the number of affected users from its original estimate after investigators reviewed activity on accounts that may have been affected.
A report by AFP said that Facebook had originally said up to 50 million accounts were affected in a cyberattack that exploited a trio of software flaws to steal "access tokens" that enable people to automatically log back into the social network.
The exploit allowed hackers to steal copies of access tokens from accounts of "friends" by using the "view as" feature.
That breach allegedly related to a "view as" feature - described as a privacy tool to let users see how their profiles look to other people.
The attackers used a portion of these 400,000 people's lists of friends to steal access tokens for about 30 million people.
On September 28, Facebook said a newly discovered flaw in the social media platform may have given hackers access to nearly 50 million accounts.
Regulators around the world have launched inquiries into another matter: How profile details from 87 million Facebook users were improperly accessed by political data firm Cambridge Analytica.
He said the FBI has asked the company "not to discuss who may be behind this attack" or to share other details that could compromise its investigation.
What may have motivated the attackers is still unclear; despite mounting concerns about election security as US officials count down to a highly contested midterm election, Facebook said there was no indication the hack was specifically related to the US electoral process. There had been concerns about whether hackers could access outside apps that use Facebook login credentials, but that turns out not to have been the case.
The hackers used an automated program to move from account to account and harvest the data quickly.
The company had initially said 50m accounts were affected but has now revised it to "only" 30 million.
A company executive said on a conference call that Facebook will not provide country-by-country breakdowns of the affected users.
Facebook data breach: Here is how to find out if your data was stolen and what to do.
While Facebook has cautioned that the attack was not as large as it had originally anticipated - it forced 90 million users to log out so the security of their profiles would reset - the details of what was stolen have made security experts anxious.
This was clearly an intentional, malicious theft of user data from Facebook, and some of that data is very granular. Message content was not available to the attackers, with one exception.
Last month, Facebook reset the tokens of almost 50 million accounts that it believed were affected and, as a precaution, also reset the tokens for another 40 million accounts that had used "View As" in the past year.