A TechCrunch report said Thursday that 133 million Facebook accounts in the U.S. and 18 million in the U.K. are also among those affected.
Phone numbers and other information including Facebook ID, gender and location by country are available online because the server containing these records were not protected with a password, according to TechCrunch, a U.S. online technology publication.
As a result, anyone could have found and accessed the unprotected online database, it said.
The incident puts phone numbers of millions of people at risk of spam calls, scams and other dubious schemes.
Facebook had disabled the feature allowing people to enter another person's phone number to find him or her on Facebook after the Cambridge Analytica scandal last year, when the personal data of many Facebook users were harvested without consent.
Facebook spokesman Jay Nancarrow told TechCrunch the information found in the exposed server was old and collected before the phone number feature was shut down.
"The data set has been taken down and we have seen no evidence that Facebook accounts were compromised," he said.
An unnamed Facebook spokesperson was cited by CNN as saying there are many duplicate entries exposed in the database and the company estimated that the number of accounts impacted is about half of what TechCrunch previously reported.