"A database of that size containing the private information such as phone numbers of a lot of Facebook's users would certainly lead to bad actors taking advantage of the data to perform social-engineering attacks [or] hacking attempts," Gal told Insider.

This particular leak was discovered in January by Alon Gal, chief technology officer of the cybercrime intelligence firm Hudson Rock when a user in a low-level hacking forum posted about an automated bot that could collect phone numbers for millions of Facebook users for the right price. However, the recent leak has taken this a step further and not only it gathered phone numbers but also Facebook IDS, full names, locations, birthdates, bios as well as email addresses and posted it on the hacking forum for free making it available to anyone with basic data skills.

A Facebook spokesperson stated that this data has been scraped because of a vulnerability that the company fixed and patched back in 2019. While this information is a couple of years old, this data leak could prove extremely valuable to cybercriminals who use people’s personal information to impersonate them or trick them into handing over log in credentials according to Alon Gal.

This is not the first time that Facebook has had a leak of this magnitude, the vulnerability uncovered in 2019 allowed millions of phone numbers to be scraped from Facebook’s servers. This alone violated Facebook’s term of service, and even though they claim to have patched it Facebook could have done a better job by notifying the users just so they could remain vigilant about phishing schemes or fraud using their data.

"Individuals signing up to a reputable company like Facebook are trusting them with their data, and Facebook [is] supposed to treat the data with utmost respect," Gal said. "Users having their personal information leaked is a huge breach of trust and should be handled accordingly."