Facebook said hackers stole names and contact details of 29 million users when a mass security breach was reported by the social media network on September 25.
Facebook on Friday revealed the extent of damage caused when hackers used stolen digital log-in codes to take over 50 million accounts. According to the company, 14 million users had their data including date of births, education details, employers and friends list stolen, while 15 million users had their name and contact details stolen. An automated program was used by hackers to move from account to account to gather data quickly.
The company says fraudsters using the stolen data can pose as Facebook, employer or a friend and then send an email to users tricking them into providing login information on a fake Facebook page or clicking an attachment which would infect their computers.
Facebook says it will send customised messages to the affected users to inform them about the extent of information hackers have accessed and how can they protect themselves from calls, text messages and spurious emails.
The breach, which has been the worst ever in the social media company's history, has raised concern among users, lawmakers and investors that Facebook is not taking data security seriously and has not built enough safety safeguards in the system in wake of the Cambridge Analytica data scandal.
However, personal messages or financial data were not accessed and neither did attackers use Facebook logins to access other websites, all of which would have caused greater concern.
In a blog post, Facebook says it is cooperating with FBI, which is investigating the breach.
According to analysts, Facebook can't do much more in the case and the problem is likely to persist for some time as the stolen data will be used by the hackers.
Though the latest vulnerability in Facebook has existed since July 2017, it was first identified in September this year after an inexplicable increase in use of "view as" feature was spotted.
"View as" allows users to see how their profile looks like to other Facebook users but software errors allowed someone accessing this feature to post and browse from accounts of other users.