The report says Ron Bowles wrote code that trawled through all Facebook accounts looking for profile information which users had not manually opted to hide in their profile settings. He did not gather (or at least, did not publish) available phone numbers, street or email addresses.
Facebook, as well as many tech-savvy users of Pirate Bay and BBC readers who posted messages on the those sites, were quick to point out that his actions do not represent a hack of the social networking site.
Nor did Bowles acquire or distribute any personal information that wasn't freely and legally available online already -- nothing that Facebook's 500 million users sought to keep private. That was his point.
Attack or not, Simon Davies of London-based watchdog group Privacy International told the BBC that Facebook should have seen this coming.
"It is inconceivable that a firm with hundreds of engineers couldn't have imagined a trawl of this magnitude and there's an argument to be heard that Facebook have acted with negligence," he said.
Earlier this year, Facebook was forced to streamline its privacy controls after a small wave of user ire about the site's default settings. Those settings are designed to make most of the information users post freely available to other users -- if you want to "hide" information, photos or videos, you have to go into the settings and chose to do so.
With Bowles' data torrent making the news, it's likely that another wave of irate Facebook users will think twice about who's able to find their personal information online -- and some may seek out the privacy settings page on their profiles for the first time.