Facebook has confirmed that millions of users did in fact have personal data accessed during a serious security breach disclosed late last month.
Initially, the social media giant estimated that 50 million accounts were affected by the hack, but said it was not clear whether any information had actually been stolen.
Facebook has revised the total number of affected users down to around 30 million. But it has also confirmed that hackers accessed personal details in most of those cases — including, for about half of those users, recent searches and locations.
Facebook would not discuss a suspect or a motive, at the FBI's request. The bureau is actively investigating the breach.
As NPR has previously reported, the hack exploited three separate bugs in Facebook's code. No passwords were actually compromised, but the hackers were able to gain "access tokens" that let them use accounts as though they were logged in as another person. In late September, Facebook detected unusual activity, discovered the bugs and disabled them.