An investigation by cybersecurity firm UpGuard found that more than 540 million of the records were publicly available on Amazon’s cloud servers after they were uploaded by two third-party apps.
The revelation marks the latest time that Facebook has been accused of failing to protect the privacy of the billions of people who use its site to store their private data.
Facebook said it had taken down the databases once it was made aware of them.
“Facebook’s policies prohibit storing Facebook information in a public database,” a company spokeswoman said in a statement.
“Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
The company confirmed it was continuing to investigate the incident.
The databases were from a Mexico-based media company called Cultura Colectiva and an app called At The Pool, the security researchers said.
The incident is the latest in a growing catalogue of data issues for the company, following widespread incidents of misinformation being spread on the network, breaches of user data and allegations of political manipulation.
In October last year, Facebook also revealed millions of email addresses, phone numbers and other personal user information were compromised during a security breach, affecting as many as 50 million accounts.
Last month, the company also admitted that millions of Facebook, Facebook Lite and some Instagram users had their passwords stored in plain text, leaving the accounts in question at risk.