Phone numbers linked to more than 400 million Facebook accounts have been listed online in the latest privacy lapse for the social media giant.

An exposed server stored 419 million records on users across several databases, including 133 million US accounts, more than 50 million in Vietnam, and 18 million in Britain, according to technology news site TechCruch.

The databases listed Facebook user IDs - unique digits attached to each account - the profiles' phone numbers, as well as the gender listed by some accounts and their geographical locations, TechCrunch said.

The server was not password protected, meaning anyone could access the databases, and remained online until late last night when TechCrunch contacted the site's host.

Facebook confirmed parts of the report but played down the extent of the exposure, saying that the number of accounts so far confirmed was around half of the reported 419 million.

It added that many of the entries were duplicates and that the data was old.

"The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised," a Facebook spokesperson told AFP.

The Data Protection Commissioner here has said it has contacted Facebook in Ireland in relation to the privacy lapse.

Head of Communications for the Office of the Commissioner said "We became aware of this issue through yesterday evenings media coverage. We engaged with Facebook today asking a series of questions and we are currently awaiting their response."

Following the 2018 Cambridge Analytica scandal, when a firm used Facebook's lax privacy settings to access millions of users' personal details, the company disabled a feature that allowed users to search the platform by phone numbers.

The exposure of a user's phone number leaves them vulnerable to spam calls, or SIM-swapping, as recently happened to Twitter CEO Jack Dorsey, with hackers able to force-reset the passwords of the compromised accounts.