"As we look for other ways the people behind this attack used Facebook", the company said, "as well as the possibility of smaller-scale attacks, we'll continue to cooperate with the FBI, the US Federal Trade Commission, Irish Data Protection Commission, and other authorities". The Mark Zuckerberg-led company also said it was taking the precautionary measure of resetting access tokens for another 40 million accounts that were "subject to a "View As" look-up in the past year", bringing the total to 90 million accounts who will now have to log back into the service.
Facebook users can check if they are affected by visiting the website's help centre.
The breach came about after hackers stole "access tokens", which allow users to browse Facebook without having to login multiple times.
For 14 million victims, the attackers accessed a trove of user highly sensitive data, including gender, relationship status, religion, hometown, current city, birth date, devices used to log in, education, locations checked into, pages followed, recent searches, name, and contact details.
This action triggered a massive traffic spike, which Facebook engineers detected on September 16, and following investigations into the source of the traffic concluded it was a coordinated attack on September 26, patched the View As vulnerability on September 27, and went public with the breach on September 28.More news: World's longest non-stop commercial service takes flight
We now know that fewer people were impacted than we originally thought.
These details were exposed sometime between September 14 and September 25 this year, when the company first discovered the security breach due to a sudden uptick in activity.
The vulnerability the hackers exploited existed from July 2017 through late last month, when Facebook noticed an unusual increase in the use of its "view as" feature.
He said Facebook should perhaps offer free premium access to password managers and other similar software.
Hackers accessed much more private information in a recent Facebook breach than the social media giant previously revealed. The message content wasn't exposed except if the compromised account belonged to a page admin. The company said hackers were able to access personal information for almost half of those accounts. One million accounts were affected but hackers didn't gain information.