The Data Protection Commission has said it understands that up to five million European Facebook accounts were hit in last week's data breach at the company.
The Commission said it understands the number of EU accounts hit was less than 10% of the 50 million affected by the breach.
In a statement this evening, the Commission said that Facebook has assured it that the company will be in a position to provide a more detailed breakdown of affected accounts soon.
It is not yet clear how many accounts impacted by the breach are in Ireland.
Last week, Facebook said that up to 50 million user accounts may have been compromised by hackers.
The issue arose when attackers exploited a vulnerability in the social network's code for "View As" - a feature that lets people see what their own profile looks like to someone else.
This enabled them to steal access tokens which they could then use to take over people's accounts, the social media giant said.
The issue was discovered on Tuesday 25 September by the company’s engineering team.
It says it cannot say yet whether the accounts were misused or any information accessed, nor does it know who was responsible for the breach.
As another precaution, the company is also turning off the "View As" feature temporarily while it conducts a review.
UPDATE Facebook data breach - @DPCIreland understands that the number of potentially affected EU accounts is less than 10% of the 50 million accounts in total potentially affected by the security breach. DPC Ireland statement beneath. #dataprotection #GDPR #EUdataP pic.twitter.com/oSfGy6DP2S— Data Protection Commission Ireland (@DPCIreland) October 1, 2018