Facebook said on Friday that hackers accessed personal data of 29 million users in a breach at the world's leading social network disclosed late last month.
The company had originally said up to 50 million accounts were affected in a cyberattack that exploited a trio of software flaws to steal 'access tokens' that enable people to automatically log back onto the platform.
'We now know that fewer people were impacted than we originally thought,' Facebook vice president of product management Guy Rosen said in an online post.
The hackers accessed the names, phone numbers, and email addresses of 15 million users, he said.
For another 14 million people, the attack was potentially more damaging.
Cyberattackers accessed that data plus additional information including gender, religion, hometown, birth date, and places they had recently 'checked in' to as visiting, according to Facebook.
No data was accessed in the accounts of the remaining one million people whose 'access tokens' were stolen, according to Rosen.
The attack did not affect Facebook-owned Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts, the company says.
Facebook said engineers discovered a breach on September 25 and had it patched two days later.
That breach allegedly related to a 'view as' feature -- described as a privacy tool to let users see how their profiles look to other people.
That function has been disabled for the time being as a precaution. -- Agencies