The bug, which has since been repaired, was part of the Download Your Information tool, which lets Facebook users export all data from profiles to their timeline and conversations with friends
The social network said in a blog that it had discovered and patched the bug, which unintentionally exposed some members' contact details.
Facebook said they were upset and embarrassed and will work hard to make sure nothing similar happens again.
Though the number of people impacted was huge, the actual spread of their contact information appears to be limited. The phone numbers and email addresses were not exposed to developers or posted publicly.
"For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person," the security blog added
Facebook said that it has no knowledge of the bug being used maliciously, and that it has not received any complaints from users.
The company added it had notified regulators in the US, Canada and Europe of the matter. Affected members will receive an email that provides insight around their contact information that was shared and the number of people it was showed to, the spokesperson said.
The bug was reported through the company's White Hat program, which rewards security researchers for reporting vulnerabilities.
“We appreciate the security researcher's report to our White Hat program, and have paid out a bug bounty to thank him for his efforts,” the statement concluded.
