Facebook officials told a blogger to keep their discussions with him private as they investigate claims he acquired names and e-mail addresses belonging almost one million account holders for $5 through a publicly available service online.

"Oh and by the way, you are not allowed to disclose any part of this conversation," member's of Facebook's platform policy team said during a tape-recorded telephone conversation, according to a blog post published by Bogomil Shopov, who describes himself as a "community and technology geek" who lives in Prague, Czech Republic. "It is a secret that we are even having this conversation."

Shopov said Facebook officials set up the conversation after an earlier blog post claiming he purchased data for one million Facebook users online for just $5. The blogger said it was impossible for him to determine exactly how recent the data was, although several of the entries he checked contained accurate e-mail addresses for people he knew. In addition to containing names and e-mail addresses, the cache he purchased also contained profile IDs. In an e-mail to Ars, Shopov said he suspects the data came from a third-party developer. The website selling the information has since removed the post that advertised the data, but for the time being it's still available in Google cache.

Shopov said Facebook officials thanked him for bringing the issue to their attention, and asked him to forward the data and then destroy it. He said he complied with both those requests, but decided not to obey the admonishment to keep his conversations private.

"I agreed to send them the data and the website of course, for that was my purpose," he wrote. "I tried to ask what they would do next but they said it would be an internal legal investigation. I asked if it was possible to tell what the problem was, after they finished the investigation, so that the users could protect themselves, but they emphasized that it would be an internal investigation and they would not share any information with third parties."

In a later blog post, Shopov called on Facebook to permanently delete user data when accounts are closed on the social network.

"I want Facebook to start removing entire user data after pressing 'Delete my account,'" he wrote. "Is this so much to ask. This is fair, isn’t it?"

A Facebook spokesman issued the following response:

Facebook is vigilant about protecting our users from those who would try to expose any form of user information. In this case, it appears someone has attempted to scrape information from our site and combine the information with data publicly available elsewhere on the web. We have dedicated security engineers and teams that look into, and take aggressive action on reports just like these. In addition to the engineering teams that build tools to block scraping we also have a dedicated enforcement team that seeks to identify those responsible for breaking our Terms and works with our Legal team to ensure appropriate consequences follow. We continue to investigate this specific individual.

In a follow-up e-mail, the spokesman pointed to this link that explains how people can go about having all their Facebook account data permanently deleted.

Article updated to add last paragraph.