Personal details of 100m
Facebook users have been collected and published on the net by a security consultant.
Ron Bowles used a piece of code to scan
Facebook profiles, collecting data not hidden by the user's privacy settings.
The list, which has been shared as a downloadable file, contains the URL of every searchable
Facebook user's profile, their name and unique ID.
Mr Bowles said he published the data to highlight privacy issues, but
Facebook said it was already public information.
The file has spread rapidly across the net.
On the Pirate Bay, the world's biggest file-sharing website, the list was being distributed and downloaded by more than 1,000 users.
One user, going by the name of lusifer69, described the list as "awesome and a little terrifying".
In a statement to BBC News,
Facebook said that the information in the list was already freely available online.
"People who use
Facebook own their information and have the right to share only what they want, with whom they want, and when they want," the statement read.
"In this case, information that people have agreed to make public was collected by a single researcher and already exists in Google, Bing, other search engines, as well as on
Facebook.
"No private data is available or has been compromised," the statement added.
'Privacy confusion'
But Simon Davies from the watchdog Privacy International told BBC News that
Facebook had been given ample warning that something like this would happen.
"
Facebook should have anticipated this attack and put measures in place to prevent it," he said
"It is inconceivable that a firm with hundreds of engineers couldn't have imagined a trawl of this magnitude and there's an argument to be heard that
Facebook have acted with negligence, he added.
Mr Davies said that the trawl of data fed into "the confusion of the privacy settings".
"People did not understand the privacy settings and this is the result," he said
Earlier this year there was a storm of protest from users of the site over the complexity of
Facebook's privacy settings. As a result, the site rolled out simplified privacy controls.
Facebook has a default setting for privacy that makes some user information publicly available. People have to make a conscious choice to opt-out of the defaults.
"It is similar to the white pages of the phone book, this is the information available to enable people to find each other, which is the reason people join
Facebook," said a spokesman for the firm.
"If someone does not want to be found, we also offer a number of controls to enable people not to appear in search on
Facebook, in search engines, or share any information with applications."
But Mr Davies disagreed, saying the default settings should be changed.
"This highlights the argument for a higher level of privacy and proves the case for default nondisclosure," he said.
"There are going to be a lot of angry and concerned people right now who be wondering who has their data and what they should do."
However, Mr Davies pointed out that this was something of an "ethical attack" and that more personal information, such as email addresses, phone numbers and postal addresses had not been included in the trawl.
