Personal details of 100m Facebook users have been collected and published on the net by a security consultant.
Ron Bowes used a piece of code to scan Facebook profiles, collecting data not hidden by the user's privacy settings.
The list, which has been shared as a downloadable file, contains the URL of every searchable Facebook user's profile, their name and unique ID.
Mr Bowes said he published the data to highlight privacy issues, but Facebook said it was already public information.
The file has spread rapidly across the net.
On the Pirate Bay, the world's biggest file-sharing website, the list was being distributed and downloaded by more than 1,000 users.
One user, going by the name of lusifer69, described the list as "awesome and a little terrifying".
In a statement to BBC News, Facebook said that the information in the list was already freely available online.
"People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want," the statement read.
"In this case, information that people have agreed to make public was collected by a single researcher and already exists in Google, Bing, other search engines, as well as on Facebook.
"No private data is available or has been compromised," the statement added.
But Simon Davies from the watchdog Privacy International told BBC News that Facebook had been given ample warning that something like this would happen.
"Facebook should have anticipated this attack and put measures in place to prevent it," he said
"It is inconceivable that a firm with hundreds of engineers couldn't have imagined a trawl of this magnitude and there's an argument to be heard that Facebook have acted with negligence, he added.
Mr Davies said that the trawl of data fed into "the confusion of the privacy settings".
"People did not understand the privacy settings and this is the result," he said.
Earlier this year there was a storm of protest from users of the site over the complexity of Facebook's privacy settings. As a result, the site rolled out simplified privacy controls.
Facebook has a default setting for privacy that makes some user information publicly available. People have to make a conscious choice to opt-out of the defaults.
"It is similar to the white pages of the phone book, this is the information available to enable people to find each other, which is the reason people join Facebook," said a spokesman for the firm.
"If someone does not want to be found, we also offer a number of controls to enable people not to appear in search on Facebook, in search engines, or share any information with applications."
But Mr Davies disagreed, saying the default settings should be changed.
"This highlights the argument for a higher level of privacy and proves the case for default nondisclosure," he said.
"There are going to be a lot of angry and concerned people right now who will be wondering who has their data and what they should do."
However, Mr Davies pointed out that this was something of an "ethical attack" and that more personal information, such as email addresses, phone numbers and postal addresses had not been included in the trawl.
BBC Online readers have been sending us their thoughts on this story. Here is a selection of their comments.
I've reconnected with dozens of old friends, some of whom I hadn't seen in years, because it is possible to search for them on Facebook. There's not much point in signing up for it if you're just going to hide behind a wall of anonymity.
Cliff Smith, Exeter, UK
I don't see that Facebook has done anything wrong. They make it abundantly clear that you, the subscriber, are responsible for managing your privacy settings. If you don't know how to cook, you stay out of the kitchen. In other words, if you don't understand how to manage your privacy settings, don't sign up to Facebook.
Steve, Riverside, California, USA
I made a deliberate decision not to use Facebook because I don't trust it. It is obviously a frequently-attacked site, and I don't trust the company to resist the temptation to harvest the data they host.
Jane C, UK
What happened is that someone wasted hours compiling already available material and then posted it on the 'scary' Pirate Bay website, as if they were disclosing secrets of national security. It's no more alarming than finding the yellow pages in a brothel. If you want to meet friends and share information with the world then stop whining when the person looking over your shoulder can see it all too.
Mark Ford, East Grinstead, UK
I use Facebook to connect with family friends and co-workers. But I am not searchable, I do not share with 'friends of friends' and have not installed any of those silly side apps that share your info. Facebook is still too complicated for the average user.
Shannon, Winchester, California, USA
Large scale data mining exercises like this one are actually pretty common and easy to do. If you don't want people looking at your information, either don't make it publicly available or don't post it in the first place.
Ben, Manchester, UK