He said users' accounts have already been secured by the Facebook two weeks ago and they do not need to log out again or change their passwords.
"We're cooperating with the Federal Bureau of Investigation, which is actively investigating and asked us not to discuss who may be behind this attack", Facebook said.
Still, hackers neither accessed personal messages nor financial data and did not use Facebook logins to access other websites, all of which would have been a cause for greater concern.
Additionally, the hackers also stole information in regard to name and contact details of the accounts of another 15 million accounts, although they did not gain access to the information of accounts of one million people.
The company has a website its 2 billion global users can use to check if their accounts have been accessed, and if so, exactly what information was stolen.
AT THE END of last month, Facebook made a bombshell disclosure: As many as 90 million of its users may have had their so-called access tokens-which keep you logged into your account, so you don't have to sign in every time-stolen by hackers.
Out of those 29 million accounts, hackers were able to name and contact details (phone number, email, or both, depending on what people had on their profiles) of 15 million people.
Responding to a question, he said, the company will be notifying people through Facebook so that they can understand what information was accessed from their account and which group they were part of.
They had access to the information posted on the wall, groups, names of conversations and friends lists. In all, the three-bug vulnerability that they exploited was active for more than two years. The tech company has now issued an update that allows users to check whether they have been the victim of the data breach. The company said it hasn't ruled out the possibility of smaller-scale attacks that used the same vulnerability.
Facebook has been cooperating with the FBI, the US Federal Trade Commission, the Irish Data Protection Commission and other authorities.
The breach, Facebook's worst ever, has exacerbated concerns among users, politicians and investors that the company is not doing enough to safeguard data, particularly in the wake of the Cambridge Analytica data scandal. The message content wasn't exposed except if the compromised account belonged to a page admin. That expanded to "friends of friends", extending their access to about 400,000 accounts, and went on from there to reach 30 million accounts.