Around 533 million Facebook users are thought to have been affected by the data breach, with phone numbers, Facebook ID, full name, location, past location, birth date, email address, account creation date, relationship status, and personal bios all available.
The data is thought to be the same set that was leaked in January 2021 and was available to purchase online, meaning Facebook has failed to secure its users once again.
The leak was first discovered by security researcher Alon Gal, co-founder of security research company Hudson Rock. Gal says he has verified the details of some users involved in the leak, with the information seemingly valid.
He believed the data could be a couple of years old and could have been extracted using the bug that Facebook said it fixed back in 2019 – before being first made available online back in January. 
Facebook corroborated this, telling Business Insider that the data had been scrapped due to the vulnerability that it patched back in 2019.
That being the case, hackers or imposters could still misuse the information for SMS phishing scams, impersonate users or lure them to share the credentials.
“Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with the utmost respect. Users having their personal information leaked is a huge breach of trust and should be handled accordingly,” Gal added.