The new details come two weeks after Facebook first announced that attackers had access to 50 million users' accounts -- meaning they could have logged in as those users. Facebook said on Friday that, "We now know that fewer people were impacted than we originally thought," and said that 30 million people had been impacted.
For the 14 million worst hit by the breach, the attackers were able to access the following information, Facebook said: "username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches."
Facebook said it will send a message to the 30 million users affected in the coming days.
The company also said it is cooperating with the FBI, the Federal Trade Commission and the Irish Data Protection Commission.
Facebook is regulated by Irish authorities in Europe as its European headquarters is located there. A spokesperson for the Irish data regulator said of Friday's announcement, "The update from Facebook today is significant now that Facebook has confirmed that the personal data of millions of users was taken by the perpetrators of the attack."
Despite Friday's announcement, there are still many details about the hack that have not been made public, including who was behind it.
The attack prompted Facebook to take the unprecedented step of logging out the 50 million users whose accounts were exposed and logged out another 40 million users as a precautionary measure.