Attackers did not access any information for the remaining one million users.
In a statement the Data Protection Commission described the update as "significant", as it confirmed that the personal details of millions of Facebook users was accessed by hackers.
For one million accounts affected by the recent breach, hackers didn't gain any information, according to Facebook.
The attackers took profile details such as birth dates, employers, education history, religious preference, types of devices used, pages followed and recent searches and location check-ins from 14 million users. However, hackers were able to read messages sent to users who were administrators of Facebook pages.
It said: 'On the afternoon of Tuesday, 25 September, our engineering team discovered a security issue affecting nearly 50 million accounts.
The breach forced users to log back into their accounts. According to TechCrunch, the company is cooperating with the Federal Bureau of Investigation, but are not allowed to speculate about who may be behind the attack. Access tokens obtained through a bug in the site's "View as ..." feature allowed hackers to sift through accounts and access sensitive data.
Shedding new light on the hack, Mr Rosen said the attackers used an "automated technique" to move from account to account stealing tokens of friends-of-friends, "totalling about 400,000 people".
That breach allegedly related to a "view as" feature - described as a privacy tool to let users see how their profiles look to other people.
What may have motivated the attackers is still unclear; despite mounting concerns about election security as USA officials count down to a highly contested midterm election, Facebook said there was no indication the hack was specifically related to the US electoral process.
Facebook Vice President Guy Rosen said in a call with reporters on Friday the company hasn't ruled out the possibility of smaller-scale efforts to exploit the same vulnerability that the hackers used before it was disabled. The company had initially said 50 million accounts were affected.
You can check whether you were affected by visiting Facebook's Help Center and scrolling down to the bottom, where you'll see a notice like this, which will indicate whether you were or weren't hacked.
The revelation is the latest black eye for Facebook as it tries to recover from the scandal that came to light earlier this year in which Cambridge Analytica funneled highly personal details of more than 80 million users to an organization supporting then-presidential candidate Donald Trump.