"For 15 million people, attackers accessed two sets of information - name and contact details (phone number, email, or both, depending on what people had on their profiles)", Mr Rosen wrote.
For roughly half the users affected by the breach, 14 million accounts, hackers were also able to collect even more information, such as birth dates, relationship status, lists of friends, posts they had written, recent search history, and geographic information from the last 10 locations that they had checked into or were tagged in on Facebook.
Rosen said the FBI investigation also limited what he could disclose about what the hackers' end-goal may have been, but maintained that Facebook had "no reason to believe this attack was related to the mid-term elections" in the U.S.
The company said it would message affected users over the coming days to tell them what type of information had been accessed in the attack.
Facebook shares fell 2.6 percent after the breach was announced last month and they were down 0.5 percent following the updated disclosures on Friday.
A company executive said on a conference call that Facebook will not provide country-by-country breakdowns of the affected users.
Facebook has released more details on the recent breach and it's a mix of good and bad news.
The attackers had access to a limited number of accounts to begin with, and it's not clear if these were bogus to begin with, but they were connected to other "friends" on the site.
African Billionaire Abducted in Tanzania
Mr Dewji is the owner and chief executive of the multibillion-dollar Mohammed Enterprises Tanzania Ltd (METL Group). Dar es Salaam regional commissioner Paul Makonda was among government officials who arrived at the scene.
The social network previously confirmed to The Register that the accounts of Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg were among those affected. It determined that it was an attack on September 25.
The automated process the hackers used to target their Facebook friends would load their profiles through the "View As" tool, which let people see how their profiles looked to others.
As recounted by Rosen, the attackers took advantage of a vulnerability in Facebook's code that existed between July 2017 and September 2018.
Facebook is quick to point out that this breach did not reach Messenger itself, or Messenger Kids, Instagram, or a plethora of other Facebook-owned platforms and services. Message content was not available to the attackers, with one exception. One million accounts were affected but hackers didn't gain information.
This pool of 400,000 users allowed them to steal access tokens from the full 30 million, he continued.
While the investigation is still ongoing, Facebook is now notifying users if any of their data was compromised as a result of the hack.
But the hackers went deeper into users' profiles than initially thought, the company also said Friday.
"We have not ruled out the possibility of smaller-scale attacks, which we're continuing to investigate", he added.