The social media giant has learnt in its investigation that hackers had unauthorised access to approximately 30 million Facebook accounts.
Facebook (FB) released more information on its recent data breach on Friday, and confirmed that attackers took data from 29 million people.
Facebook said that 15 million people had seen their name and their personal contacts compromise and that further details had also been for 14 million other users. The attackers accessed even more details on 14 million of those users, including the area where they live, their relationship status, their religion, and part of their search history. Neither Instagram nor WhatsApp appears to have been compromised, the company added.
"There's not much more that Facebook can do", said Michael Pachter, an analyst with Wedbush Securities. Still, cybersecurity experts warned that attackers could use stolen information in targeted phishing scams.
But a trio of errors in Facebook's software enabled someone accessing the feature to post and browse from Facebook accounts of other users.
Twenty-nine million accounts had some form of information stolen.
Facebook has been quick to let users check exactly what was accessed.
That feature allows users to check privacy settings by glimpsing what their profile looks like to others. "Usually when you're looking at a sophisticated government operation, then a couple of thousand people hacked is a lot, but they usually know who they're going after".
Meghan Markle's Outfit for Latest Royal Wedding Sparks Pregnancy Speculation
But Jack will not receive a royal title as Princess Eugenie is not as close to the line of succession as Harry. At the time, the dress shoes already featured the same hole on the left sole, and appeared overall distressed.
People can check whether they were affected by visiting Facebook's Help Center. "For 1 million people, the attackers did not access any information", Facebook said on its official blog.
Moreover, the social networking website also revealed that no evidence was found that attackers used the stolen tokens to access any third-party apps, including those that use Facebook's single-sign-in to log in.
The California-based social network says it is cooperating with the FBI, US Federal Trade Commission, Irish Data Protection Commission and other authorities regarding the breach.
Facebook said users who were affected would get a message in the coming days with information on what they can do to best protect themselves and their privacy.
Facebook's lead European Union data regulator, the Irish Data Protection Commissioner, last week opened an investigation into the breach.
Last month, Facebook reset the tokens of almost 50 million accounts that it believed were affected and, as a precaution, also reset the tokens for another 40 million accounts that had used "View As" in the past year.
Access tokens work sort of like a digital set of keys and are what allow you to stay logged in with the Facebook app rather than entering your password every time you want to access the site. The company does note that it is not ruling out "small-scale attacks", either, and is investigating. Between the Cambridge Analytica scandal and a number of smaller incidents that followed once Facebook started investigating all third-party apps using its APIs this past spring, as well as the newly disclosed vulnerability, the company is now facing heavy scrutiny over its data management practices.