In late September, Facebook announced it had been hit by its worst-ever data breach, with hackers gaining access to tens of millions of users' accounts by taking advantage of the site's 'View As' feature.

Now, it appears the attack may have affected 'only' 30 million users, revised down from its earlier estimate of 50 million.

Facebook believes that about 15 million of those users' names, phone numbers, email addresses and other sensitive information was visible to the attackers.

About 14 million of that 30 million had an even wider scope of their personal data exposed to hackers, ranging from usernames, date of birth, the types of devices they used to login to Facebook and the last 10 places they checked into or were tagged in, as well as a myriad of other information.

Scroll down for video

Facebook's latest data breach may have affected only 30 million users, which is revised down from its earlier estimate of 50 million. CEO Mark Zuckerberg's firm discovered it last month

WHAT USER DATA WAS STOLEN? Approximately 14 million users may have had everything from their birth date to recent searches stolen, along with: Name

Email address

Phone number

Gender

Types of devices used to access Facebook

Language

Relationship status

Religion

Hometown

Current City

Work

Education

Website

10 most recent locations checked into or tagged in

15 most recent searches entered in Facebook search bar

People or Pages followed on Facebook Advertisement

A remaining 1 million users didn't have any personal information accessed as a result of the attack.

Facebook has determined no credit card numbers were exposed as a result of the attack.

The identity of the hackers continues to remain unclear.

Facebook says the FBI is investigating a major security breach of its service, but the company says authorities asked it not to discuss who may be behind the attack.

That suggests Facebook may know or suspect who's behind the breach.

In a call with reporters, Facebook gave scant details about the hack beyond who was affected, citing the fact that it remains an open investigation by the FBI and others.

Guy Rosen, Facebook's vice president of product management, apologized for the hack, saying: 'People's privacy and security are important to us, and we are sorry this happened.'

When Facebook disclosed the breach two weeks ago, company officials said they didn't know who was behind the attacks or where they might be based.

Since then, it has been 'working around the clock' to get to the bottom of the breach.

'We now know that fewer people were impacted than we originally thought,' Rosen said in a statement.

'Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen.'

Users will receive a personalized message on their Facebook News Feed giving them an update on how their account was impacted by the breach, which hit 30 million users

Access tokens work as digital keys, letting those who hold them log into Facebook accounts without entering a password.

In the call with reporters, Rosen was asked whether the information obtained by hackers was used on the Dark Web, or for any other purposes.

'We haven't seen any evidence of this being used yet,' Rosen explained.

Shedding new light on the hack, he said the attackers used an 'automated technique' to move from account to account stealing tokens of friends-of-friends, 'totalling about 400,000 people'.

This pool of 400,000 users allowed them to steal access tokens from the full 30 million, he continued.

HOW DID FACEBOOK'S 'WORST DATA BREACH EVER' HAPPEN? Facebook said it believes 30 million users were affected a result of the data breach it was hit with in late September. That's a marked decrease from its initial estimate of 50 million users. Along with that update, it said 15 million users out of the 30 million had their names and contact information accessed by hackers. Approximately 14 million had that information stolen, in addition a myriad of other data, including username, birthdate, gender, and 15 of their most recent searches. The social media giant has launched a dedicated webpage to check if you've been hit by the hack. Facebook believes 30 million users were affected a result of the data breach it was hit with in late September. That's a decrease from its initial estimate of 50 million users Here's how you can tell if you've been hacked: Visit the Facebook Help center link after logging into your Facebook account.

Scroll down to the section with the header: 'Is my Facebook account impacted by this security issue?'

Users will be given a 'Yes' or 'No' answer. For users that weren't affected, they don't need to take any immediate steps.

For users who were affected, Facebook will give users a list of data they believe was accessed by hackers.

Affected users will be able to discern whether they were part of the 15 million users whose name and contact information was accessed, or the 14 million that had broader information accessed.

They may also be part of the 1 million users whose access token was stolen, but no personal information was accessed.

Users should receive a 'customized message' in the next few days telling them further preventative measures they can take to protect their account. Advertisement

He wrote: 'For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles).

'For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles.

'This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.

'For 1 million people, the attackers did not access any information.'

Messages between accounts were not compromised by the hackers, Rosen said on Friday, except if the person was a page admin whose page had received a message

When users access Facebook's Help page, they should scroll down to the heading that says 'Is my Facebook account impacted by this security issue?' There, it will say 'Yes' or 'No'

Mr Rosen said a combination of three bugs in the 'View As' feature, which lets users see what their profile looks like from the perspective of other accounts, made access tokens freely available to copy from the source code of the web page.

It was this vulnerability which allowed 'an external actor' to obtain access tokens, giving them the ability to log into, and take over, users' Facebook accounts and any of their other services, such as Spotify, Instagram or Tinder, which accept Facebook access tokens.

Facebook has since shut down the 'View As' feature as a result of the breach.

Messages between accounts were not compromised by the hackers, Rosen said on Friday, except if the person was a page admin whose page had received a message.

Users who weren't as lucky will see a breakdown on the information believed to have been accessed by hackers as a result of the breach, which took advantage of the 'View As' tool

Approximately 15 million users' contact info and names were accessed, while 14 million users' date of birth, gender, types of devices used to log into Facebook and more was accessed

Facebook staff first noticed an 'unusual spike of activity' that began on September 14.

The attack did not affect Facebook Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, payments, third-party apps, or advertising and developer accounts.

'As we look for other ways the people behind this attack used Facebook, as well as the possibility of smaller-scale attacks, we’ll continue to cooperate with the FBI, the US Federal Trade Commission, Irish Data Protection Commission, and other authorities,' Rosen said.

HOW DO YOU PROTECT YOURSELF? The best way to protect yourself is to set up two-step authentication. Two-factor authentication adds an extra layer of security to apps and websites by asking for both a password and a unique code when logging in. Once verified, if anyone tries to log into their account they will be sent an autentication code via text message. Even if a hacker has obtained the user's email address and password, they won't be able to access the account without this extra code. While the extra layer of security isn't completely hacker proof, it's far more robust. Also if users have different passwords for each account it means hackers will not be able to access all accounts in one go. Advertisement

On September 25, the trend was identified as an attack, prompting programmers to close the vulnerability, which happened within two days, the tech chief said.

'We're cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack,' his blog continued.

Facebook users can check if they are affected by visiting the website's help centre.