"We now know that fewer people were impacted than we originally thought. Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen," Facebook said in a statement.
As the social media giant specified, they discovered the security breach two weeks ago.
"We have been working around the clock to investigate the security issue we discovered and fixed two weeks ago so we can help people understand what information the attackers may have accessed. Today, we're sharing details about the attack we've found that exploited this vulnerability. We have not ruled out the possibility of smaller-scale attacks, which we're continuing to investigate," the Facebook statement reads.
The social media giant elaborated that the attack has led to a suspension of the "View As" function.
Soon after the attack took place in September, Facebook reported of 50 million affected accounts, plus 40 million more accounts which had been subject to a "view as" look-up over the past year. However, the number of users affected by the breach turned out to be lower.