Facebook says user data contained in unsecured S3 buckets has been removed from AWS after a report from cybersecurity firm UpGuard pointed to millions of exposed records.
UpGuard's Cyber Risk team said Mexico City-based digital platform Cultura Colectiva openly stored 540 million records on Facebook users, including identification numbers, comments, reactions and account names.
Another database, an app called At the Pool, listed names, passwords and email addresses of 22,000 people, UpGuard said.
"We worked to get the databases in question taken down, but we are still investigating exactly what information was stored there," a Facebook spokeswoman said, adding that the company's policies prohibit storing user information in a public database.
Facebook has been hit by a number of privacy-related issues, with the latest being a glitch that exposed passwords of millions of users stored in readable format within its internal systems to its employees.
Last year, the company had come under fire following revelations that Cambridge Analytica had harvested personal data of millions of people's Facebook profiles without their consent.
The company later announced changes to the platform aimed at protecting user data.
Amazon did not immediately respond to requests for comment.
(Reporting by Akanksha Rana and Sayanti Chakraborty in Bengaluru; Editing by James Emmanuel)