Social media giant Facebook on Friday said hackers stole personal details of 29 million people last month. They stole names and contact details of 15 million people, and names, contact details and other personal information such as username, gender, relationship status, religion, current location of 14 million individuals. While they procured access tokens for another one million Facebook users, the hackers did not steal any data in this case.

In September, Facebook had said that hackers had stolen digital log-in codes to take over nearly 50 million user accounts. “We now know that fewer people were impacted than we originally thought,” the social media firm said. “Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen.”

In September, the social media company said hackers exploited the “View As” feature on the website. The feature lets the user see how their profile looks to other people on Facebook. “This allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts,” it added.

On Friday, Facebook said the hackers used friends lists of about 4,00,000 people to steal access tokens for 30 million individuals. The company added that people can check if they were affected by visiting the Facebook Help Center. “In the coming days, we’ll send customized messages to the 30 million people affected to explain what information the attackers might have accessed, as well as steps they can take to help protect themselves,” the firm said.

“We’re cooperating with the Federal Bureau of Investigation, which is actively investigating and asked us not to discuss who may be behind this attack,” the company said.