At the end of September, Facebook (FB) announced that potentially as many as 50 million users of the social network could have had their data accessed by hackers. The social media company offered an update on the situation on Friday, claiming that far fewer people actually had their data compromised.

Instead of 50 million, Facebook lowered the count to around 30 million. Since that is still a significant number of people who may have had personal information stolen, Facebook created a way for individual users to find out if their data was stolen.

Was my Facebook data stolen?

Facebook can definitively tell users if they were or were not affected by the data breach, but users need to seek that information out for themselves. The process is simple enough: Log into Facebook and then go to the site’s security page for the data breach. Scroll down to the bottom and one of two messages will be waiting, depending on the result.

Users whose accounts were not affected by the breach will be told as much. If a user’s account was affected, Facebook will tell them what kind of information may have been taken.

My data was stolen. What do I do?

Depending on what level of access the hackers used, they could have seen an affected account’s name, phone number, location history and more. Facebook already reset the “access tokens” that keep users logged in between sessions, which the hackers exploited to get into accounts.

That means the hackers no longer have access to any of the affected accounts. The company promised it was “actively working with law enforcement.”

Unfortunately, the only certain way for a user to protect the massive amount of personal information they give to Facebook is to delete their account. Facebook allows users to either temporarily deactivate or delete accounts. The latter option is the only one that guarantees deletion of personal data held by Facebook.

What happened?

Prior to the hack, Facebook had a site feature called “View As.” Users could click on the “View As” button to see how their profile would appear to another user. Thanks to what Facebook called a software bug, hackers were able to use the “View As” feature to obtain access tokens and infiltrate accounts.

The problem was fixed and all the access tokens were reset, but not before 30 million people potentially had their data stolen. Facebook disabled “View As” in the aftermath of the hack.