Facebook has admitted accidentally leaking more than six million email addresses and phone numbers.
The social network said on Friday that a bug had shared the contact information for many users without their consent through its 'Download Your Information' tool.
Facebook said it was "upset and embarrassed" by the leak.
The bug accidentally associated users' information with other contacts, and downloaded their email and phone number when those contacts used the DIY tool.
Facebook said that there was no evidence that the bug had been used by hackers, but pulled the tool for 24 hours while it fixed the issue.
It added that in most cases the numbers and emails were not shared to more than one person, and that it was difficult to imagine how the bug would have been used on an industrial scale.
But the leak still raises questions about Facebook's privacy and data protection policies, which are becoming an increasing issue for many users according to a survey out on Monday.
In a statement Facebook said:
"We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing.
Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again.
Your trust is the most important asset we have, and we are committed to improving our safety procedures and keeping your information safe and secure."
The social network said that it would contact affected users by email, and added hat it had paid a "bug bounty" to the security researcher who had identified the issue.