The phone numbers and personal data of four million Israelis were posted in a low-level hacking forum on Saturday, according to a report on the Business Insider website.
The Israelis were among 533 million users of the social media giant from 106 countries who had their personal information released.
A Facebook spokesperson told Business Insider that the data had been scraped due to a vulnerability that the company patched in 2019.
The leaked information included the full name, Facebook identification, telephone numbers, email addresses, birthdates and in some cases location data of the users, the report said.
The breach was first detected by Israeli cyber specialist Alon Gal, the CTO of cybercrime intelligence firm Hudson Rock, who posted about it in January of this year.
Gal said Saturday on Twitter that the leaked information could be used for nefarious ends and slammed Facebook for its lack of culpability.
"I have yet to see Facebook acknowledging this absolute negligence of your data," Gal wrote. He warned that "bad actors" could use the information for "social engineering, scamming, hacking and marketing."
In the run-up to the 2016 U.S. presidential elections, Facebook came under fire after the Cambridge Analytica data research company used by the Trump campaign harvested the information of some 80 million users - in violation of the social media site's terms of service - to target potential American voters with political ads.
According to Gal, there is little Facebook can do to help its users who have been compromised and said the company should have at least gone public with the breach so that people could be more vigilant against potential phishing schemes or fraud.
"Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect," Gal said. "Users having their personal information leaked is a huge breach of trust and should be handled accordingly."
Cyber security experts have warned Facebook users to be aware that their telephone numbers and email addresses may have been posted online and urged them to activate two-stage verification for any online activity where possible.
The experts said users may be able to identify bots through incorrect grammar and poor wording.
Those who may have been compromised should avoid clicking on unknown links and be aware that offers of cash or gifts online are most likely a scam.