Two weeks ago, Facebook announced that 50 million users were affected, with the possibility of an additional 40 million, so the company reset the "access tokens" or digital keys of the 90 million accounts.
The breach forced users to log back into their accounts.
On Friday, the company said there were actually fewer users -- 30 million -- who were affected by the breach.
But the hackers went deeper into users' profiles than initially thought, the company also said Friday.
Nearly half of those impacted -- approximately 14 million users -- had their username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches," the company's vice president of product management Guy Rosen, wrote in a blog post.
These details were exposed sometime between Sept. 14 and Sept. 25 this year, when the company first discovered the security breach due to a sudden uptick in activity. But the software bugs made user information vulnerable from July 2017 to September 2018.
Previously, the company said only profile information exposed in the “View As” feature was accessed, which is basically a user’s name, gender and hometown.