Ron Bowles, an online security consultant, used a code to scan Facebook profiles, collected data not hidden by users' privacy settings, and compiled a list, which is now available as a downloadable file, containing the URL of every "searchable" Facebook user's profile, their name and unique ID, the BBC reported Thursday.
Bowles said he published the data to highlight privacy issues, but Facebook retorted by saying the information was already public.
"People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want," the website said.
"In this case, information that people have agreed to make public was collected by a single researcher and already exists in Google, Bing, other search engines, as well as on Facebook."
"No private data is available or has been compromised," Facebook said.
The list has already been downloaded by over 1,000 people on Pirate Bay, the world's biggest file-sharing website. One user, going by the name of "lusifer69", said the list was "awesome and a little terrifying."
But internet watchdog Privacy International said Facebook had been given ample warning that something like this would happen.
"Facebook should have anticipated this attack and put measures in place to prevent it," Simon Davies, an official of Privacy International, said.
"It is inconceivable that a firm with hundreds of engineers couldn't have imagined a trawl of this magnitude and there's an argument to be heard that Facebook have acted with negligence," he said.
Facebook hit 500 million users in June this year.
Would love to here from you...