Facebook says hackers accessed data from 29 million accounts as part of the security breach disclosed two weeks ago.
The exact number hadn't been known before. Originally Facebook said 50 million accounts could have been affected, but Facebook didn't know if they had been misused.
The hackers accessed name, email addresses or phone numbers from those 29 million accounts.
For 14 million of those accounts, hackers got even more data, such as hometown, birthdate, the last 10 places they checked into or 15 most recent searches. One million accounts were affected but hackers didn't gain information. The social media service plans to send messages to people whose accounts were hacked.
Facebook says third-party apps and Facebook apps like WhatsApp and Instagram were unaffected by the breach.
Guy Rosen, Facebook's VP of Product Management, took to the social media giant's blog to discuss recent security problems on the site.
"We have been working around the clock to investigate the security issue we discovered and fixed two weeks ago so we can help people understand what information the attackers may have accessed," he wrote. He also noted the company has "not ruled out the possibility of smaller-scale attacks," and will continue to investigate.
"In the coming days, we’ll send customized messages to the 30 million people affected to explain what information the attackers might have accessed, as well as steps they can take to help protect themselves, including from suspicious emails, text messages, or calls," Rosen said.