Ireland's data protection watchdog is demanding answers from Facebook over the release of records on 533 million people that appeared to stem from the social media site, a spokesman said.

A spokesman for the Data Protection Commission (DPC) - which regulates Facebook in the European Union - said "a dataset, appearing to be sourced from Facebook, has appeared on a hacking website this weekend for free and contains records of 533 million individuals."

"A significant number of the users are EU users," he added.

The DPC said the data, which includes phone numbers and email addresses, appears to have been "scraped some time ago from Facebook public profiles."

"Scraping" refers to the generally automated process of harvesting and collating information from websites.

The DPC said: "Risks arise for users who may be spammed for marketing purposes but equally users need to be vigilant in relation to any services they use that require authentication using a person's phone number or email address in case third parties are attempting to gain access."

The commission said similar datasets were previously shared in 2018 and 2019 sourced from a "vulnerability" in Facebook's "phone lookup functionality" which was fixed in April 2018.

The company did not notify the Irish regulator of the breach because it took place before the introduction of the EU-wide General Data Protection Regulation (GDPR) in May 2018.

The latest published dataset appears to be comprised of the 2018 release "combined with additional records, which may be from a later period," the DPC spokesman said.

Under GDPR social media users have more established data rights while regulators have been supported with greater punitive powers.

If the DPC opens an investigation into Facebook under GDPR and finds it in breach of the legislation, it has the power to impose a fine of four per cent of the firm's annual global turnover.

The commission said it "received no proactive communication from Facebook" over the weekend.

The DPC said Facebook has since told it the data breach "requires extensive investigation to establish its provenance".

The commission said it "will communicate further facts as it receives information from Facebook".