For starters Facebook claims that the initial assessment of 50 million compromised accounts might have been higher than previously thought. Instead the company claims that out of the 50 million accounts that were thought to have been compromised, only 30 million actually had their tokens stolen.
Breaking this down further, Facebook says that for about 15 million users, the attackers were able to steal information such as their name and contact details (include phone numbers and/or emails). For about 14 million Facebook users, the attackers managed to steal information that included “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches”.
For the remaining 1 million users, Facebook claims that the attackers did not manage to access any information. Facebook also confirmed that they are working with the FBI and various government agencies (including international ones) to hopefully trace the hack and find the hackers behind them.