"We now know that fewer people were impacted than we originally thought", Facebook vice president of product management Guy Rosen said in a conference call updating the investigation.
Hackers stole neither personal messages nor financial data and did not use their access to accounts users' accounts on other websites, the company said.
Hackers were able to get their hands on "access tokens" in Facebook which allowed them to access compromised users' accounts and scrape their data.
For 14 million of the accounts, information included hometown, birthdate, the last 10 places they checked into or 15 most recent searches.
News of the hack emerged on 5 October when Facebook said it feared 50m users had been affected. Facebook said it would reach out to affected users about the potential hazards and details of the breach.
With an initial set of accounts under their control, the attackers, said Rosen, exploited the vulnerable code to run a script that collected access tokens from their friends and the friends of their friends, representing a group of about 400,000 people.
This attack vector apparently only affected a subset of 400,000 users, but it could still result in a significant backlash for the company. "For 14 million people, the attackers accessed the same two sets of information", Rosen wrote. As you can see, my account was not accessed. The hack involved a feature known as "View As", which enables users to see what their Facebook profile looks like when other users look at it.
Regardless of whether your account was affected, you might also want to consider deleting or deactivating your Facebook account, especially if you don't use it often. As it turns out, the data of almost 30 million users has been stolen in the breach, a Facebook investigation has now confirmed.
Despite Friday's announcement, there are still many details about the hack that have not been made public, including who was behind it and if the attackers were targeting particular users or countries.
If you are having difficulty seeing the security notice, it can be viewed here.
Of those 30 million, the hackers stole data from 29 million users.
So how did the attackers gain access to data from so many Facebook accounts? Scroll down to a light blue box with the title "Is my Facebook account impacted by this security issue?".
Patrick Moorhead, founder of Moor Insights & Strategy, said the breach appeared similar to identity theft breaches that have occurred at companies including Yahoo and Target in 2013.
It will also provide guidance on how to spot and deal with suspicious emails or texts.