While fewer Facebook users were affected than first reported, Facebook has revealed the extent of compromised information was greater for some than for others.
Facebook said the FBI is investigating, but asked the company not to discuss who may be behind the attack.
Facebook said that for a second group of 14 million people, the attackers accessed information including "username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches".
Facebooks recently-discovered data breach was more serious than originally anticipated.
Officials said third-party apps that use a Facebook login and Facebook apps like WhatsApp and Instagram were unaffected by the breach.
Facebook's latest security breach, which enabled hackers to access the personal information of around 30 million users, should be a "wake-up call" for all stakeholders, cyber security expert Pawan Duggal said.
The hack happened between September 14-27, according to officials, but they said the vulnerable code had been online from July 2017 to September 2018.
Umesh Yadav to replace Shardul Thakur in India's ODI squad
The second Test between India and West Indies is being telecast on Star Sports 1 and 1 HD, Hindi 1 and Hindi 1 HD and Tamil 1. Jason Holder picked up five wickets for West Indies while Shannon Gabriel took three wickets.
Appropriate To Step Down: MJ Akbar's Full Statement
She alleged that he called her to his room, offered her a drink (which she refused) and asked her to sit next to him on the bed. Ms Ramani did not name anyone in the original piece, but said in her tweet that the article had been about Mr Akbar.
Royal Tour: Prince Harry and Meghan Markle visit Melbourne day 3
A little boy in Australia broke royal protocol when he reached out to touch Prince Harry and the prince didn't seem to mind. Some members of the crowd gave the parents-to-be presents for their unborn child, including 10-year-old Courtney Pistone.
As I said in my October 4 article on the data breach, from a PR standpoint, Facebook seems to have acted swiftly. The attackers used an automated technique to move from one Facebook account to another by stealing access tokens of friends of those they have access and so on to a total of 400,000 users. To put a fine point on it, up 90 million accounts may have been compromised through a bug in Facebook's "access token" system, which is what keeps you logged on despite not opening the app every second of the day.
But, although highly personal information has been harvested from the profiles of 14 millions of the victims, Facebook has told the BBC that it does not plan, at this time, to provide them with free identity theft protection services.
The hackers were able to steal "access tokens", which allowed them to "take over people's accounts", officials said. They were able to do so by taking the help of these three distinct bugs in Facebook's code.
Facebook have confirmed that attackers used access tokens to gain unauthorised access to account information from approximately 30 million Facebook accounts.
As a precaution, Facebook turned off "View As" and said it is working with the Federal Bureau of Investigation to determine the parties that might be responsible for the attack.
"We take these incidents very, very seriously, and nothing is more important to us than the security of people's information", he said. "Usually when you're looking at a sophisticated government operation, then a couple of thousand people hacked is a lot, but they usually know who they're going after".