-
A threat actor has just released a fully parsed dataset, containing more than 502 million records across over 100 countries, obtained from the 2019 Facebook breach.
-
The cleaned data, posted on a dark web forum, is now easily accessible in JSONL files, including phone numbers, emails, full names, locations, and profile URLs.
-
This repackaging increases the risk of targeted phishing and scams, as old data remains valuable to criminals.
A threat actor has fully cleaned and repackaged old data from the massive Facebook leak of 2019 for easy use.
This new release puts over half a billion user records back in the spotlight. It could be a gift for scammers looking to launch targeted attacks.
Fully Cleaned Facebook Data Surfaces on Cybercrime Forum
Back in 2019, Facebook had a vulnerability in their systems that allowed malicious actors to scrape personal data from approximately 533 million users of Facebook’s platform.
According to a recent report, a threat actor recently posted a fully parsed dataset from this breach on a hacking forum. They boasted about the difficult cleanup work. “The data from the 2019 Facebook breach is a nightmare to parse,” they wrote. They claimed to have fixed encoding errors and faulty lines.
Source: Darkwebinformer | X
The final product is a streamlined, 13.77 GB archive. It holds over 502 million cleaned records. The hackers neatly organize the data into JSONL files for each affected country. The hacker removed only eight “unrecoverable” records. This information contains phone numbers, names, sex, location, email addresses, and links back to their profiles.
This event impacted people from Libya, Ghana, Finland, Nigeria, Spain, Russia, the United Arab Emirates, and over 100 other countries. Access to the archive costs 12 “points” on the forum. This points system is common in these communities for trading stolen data.
Why “Old” Data Still Poses a Major Threat
The leaked Facebook data really stirred a lot of chaos back then, with a series of investigations opened to look into what happened. Facebook said it will not notify users individually about their personal details being breached. In a statement, Facebook said it was “old data” from an issue already patched up in August of 2019, but privacy advocates and security experts disagreed with this statement.
The Irish Data Protection Commission even launched a formal investigation into the breach. They probed into whether Facebook violated EU data protection laws.
Bogdan Botezatu of Bitdefender warned that publicly available data opens “new and rewarding possibilities for scammers.” Even Adam Levin, the founder of CyberScout, said scammers can do so much damage with the little information they steal from people. He noted that circulating phone numbers pose a serious problem because people can use them as universal identifiers to link someone to their digital presence.
The misconception is that old data is harmless. This is false. A lot of us like to use the same password and personal details on different accounts for years. Many of those affected by the breach in 2019 are likely still using their phone numbers since.
For cybercriminals, this parsed data represents a readily accessible toolkit used for social engineering. Scammers can craft convincing phishing messages. They can impersonate trusted contacts or institutions. The goal is account takeover, identity theft, or financial fraud.
A Lasting Cycle of Risk
This incident mirrors other long-tail data breaches, such as when recently leaked corporate login credentials from the UK’s biggest companies flooded dark web markets, or how the 2015 breach of the dating app Ashley Madison would later serve as the basis for new blackmail schemes in 2020. Criminals reuse this data, known as “personal details,” again and again, even years after the breach.
The threat actors will repackage it, sell it, and reuse it for other purposes. The repackaging of this Facebook data is a clear example of that cycle. The threat actor has just transformed the data from a messy leak into a database that’s easily accessible to criminals.
We’ve seen this pattern in action. In one sophisticated scheme, Indian scammers purchased personal details on the dark web to impersonate U.S. law enforcement, terrorizing victims into paying fines.
Facebook users who have kept the same phone number and email linked to their accounts since 2019 should stay alert so attackers do not catch them off guard with random calls or text messages fishing for personal details. The core lesson remains. Limit what you share on social media.
You cannot assume platforms provide bulletproof security. Once your data is exposed, attackers can repeatedly weaponize it against you. This latest release proves that point.
