Facebook hackers who compromised the security of millions of users trawled through lists of friends, the company has revealed.
People's phone numbers and email addresses may have been read, the social network has admitted.
It also said it had "not ruled out the possibility of smaller-scale attacks".
The firm said last month that a feature called "View As", which allows users to see what their profile looks like to someone else, had become vulnerable.
That stemmed from a change the California-based company made to its video uploading feature in July 2017.
In a new update issued on Friday, Facebook said the "attackers" accessed two sets of information belonging to 15 million people – name and contact details.
These could include both phone number and email, it said, "depending on what people had on their profiles".
For a further 14 million people, hackers accessed the same information, plus "other details people had on their profiles".
The company said: "This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or pages they follow, and the 15 most recent searches."
The accounts were found after the hackers initially stole the access tokens of "about 400,000 people", using an "automated technique to move from account to account".
The company added: "This technique automatically loaded those accounts' Facebook profiles, mirroring what these 400,000 people would have seen when looking at their own profiles.
"That includes posts on their timelines, their lists of friends, groups they are members of, and the names of recent Messenger conversations."
After saying last month that about 50 million people were affected, Facebook has now revised that figure down to 30 million.
One million people's information was not accessed at all, it said.
The attack "did not include Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts".
Vice President of Product Management, Guy Rosen, said staff had been "working around the clock to investigate".
He added: "We're cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack."
More from Facebook
Facebook said people could check whether they were affected by going to its help centre.
It also said it would be sending "customised messages to the 30 million people affected to explain what information the attackers might have accessed".