1.2B Facebook Records for Sale: Real Breach or Repackaged Data?

News of a fresh Facebook breach sparked confusion rather than clarity last month after a hacker claimed to have scraped the personal data of 1.2 billion Facebook users.

According to security researchers at Cybernews, the data was reportedly pulled using Facebook’s API and then listed for sale on a well-known dark web forum. However, Facebook’s parent company, Meta, isn’t treating it as breaking news. “This is not a new claim…” the company’s spokesperson told Cybernews.

In the course of writing, I managed to ask as many Facebook users as I could find if they got any security incident notice from Meta, but no one got any notification to that effect.

Still, cybersecurity researchers who examined samples say the data appears legitimate and potentially dangerous, regardless of when it was obtained.

Here, we cut through the noise to understand what actually went down and whether the threat is real.

Key Takeaways

  • A hacker claimed to be selling personal data from 1.2 billion Facebook users.
  • Experts say the data looks real but may include older information from past breaches.
  • Meta says it’s not new and hasn’t issued any user notifications.
  • Recycled data can still be dangerous when used in phishing, fraud, or credential stuffing attacks.
  • Experts advise treating all leaks as serious and taking steps to secure your accounts.

Researchers Claim It’s Real, Facebook Says It’s Old

In May 2025, a threat actor dubbed “ByteBreaker” announced on dark web forums that they were selling the personal data of 1.2 billion Facebook users. As proof, they shared a 100,000-record sample containing full names, email addresses, phone numbers, locations, birthdays, and other profile details.

Cybersecurity researchers at Cybernews, who reviewed the sample, found that much of the data was authentic. But many of those records also matched the 2021 Facebook breach that exposed data from over 500 million users.

Forum post promoting the sale of a newly leaked Facebook database, claiming it contains 1.2 billion entries. User profile visible.
Post on a data leak forum. Source: Cybernews

That overlap has fueled speculation that this might not be a new breach at all, but a recompiled dataset: old data presented with a fresh label.

According to reports from Hackread, there are more reasons to be skeptical. For one, ByteBreaker previously listed a different Facebook database for sale just weeks earlier, claiming it contained 780 million records.

In both cases, the hacker used the same data sample and said it was scraped via Facebook’s API. The listings also included mismatched figures: the sample contained only 200 million rows, which doesn’t align with the claim of 1.2 billion unique records.

ByteBreaker’s Telegram handle even changed between posts, further raising doubts about the actor’s identity and credibility.

Hackread noted that after media coverage intensified, ByteBreaker was banned from the forum where the data had been listed.

Profile of user "ByteBreaker," marked as banned, featuring an anime character and details like registration and last visit dates.
ByteBreaker banned. Source: Hackread

However, Meta hasn’t shared any technical evidence to rule out the presence of new data in the dump. Despite the uncertainty, what’s clear is that the data is out there in the wild.

Stolen Old Data Can Still Hurt

At first glance, the claim from ByteBreaker might sound like a remix of a breach Facebook has already faced. Meta has certainly leaned into that interpretation. But this alleged leak, now circulating on hacking forums, feels different, not just because of the scale, but because of how little clarity exists about what’s actually in it, the quick dismissal from Meta, and, to a certain degree, a perceived apathy from the public.

Ordinarily, news of a breach of this magnitude sets the internet abuzz with panic. But there appears to be no such buzz this time, perhaps because Meta refused to acknowledge it as “dangerous.”

Francis Fabrizi, Ethical Hacker at Keirstone Security, blames this on breach fatigue.

He told Techopedia:

“From a psychological perspective, there is also breach fatigue. When people hear that their data ‘may have been leaked again,’ they often become numb to the risks and do not take action, especially if they believe the information is outdated.”

When Mark Voronov, Co-founder & CEO at SocialPlug, spoke to Techopedia, he suggested that whether it’s brand new or partly recycled data, it remains usable by cybercriminals. He said:

“Old data seems harmless, but the truth is that people reuse passwords more than they care to admit. If an old email-password combination were to be leaked again and that same password could unlock actual accounts for someone, then that spells trouble.”

Even if the bulk of the data is old, Fabrizi refuses to write off the risk it poses to users whose data may have resurfaced.

“The fact that it’s recycled data does not reduce its utility to attackers. For example, if a user’s email and phone number were leaked years ago and are still in use today, that person remains a target for phishing scams and SIM swapping,” he explained.

Defending Against Risk When Breach Details Remain Uncertain

When the exact scope and freshness of leaked data are unclear, the uncertainty itself becomes a risk. Even if much of the compromised information is recycled from older security breaches, that does not reduce the potential for fraud, phishing, or identity theft. Attackers can combine data from multiple sources to build detailed profiles, making scams more convincing.

This approach has already been used in several major breaches. In 2022, cybercriminals took vault data from the LastPass breach and matched it with other leaks to launch targeted phishing campaigns.

A year later, the MOVEit Transfer breach exposed sensitive data from hundreds of organizations. That information was later used in business email compromise scams and identity fraud attempts.

Fabrizi of Keirstone Security recommends treating any ambiguous breach as a live threat. He told Techopedia:

“You can’t afford to wait for confirmation. If there’s even a chance the data is current, act like it is.”

For individual users, that starts with immediate password resets, especially for accounts where the same password might have been reused, and enabling multi-factor authentication (MFA) wherever possible.

Beyond personal vigilance, Fabrizi urges users to watch out for phishing scams that feel eerily targeted. He warned:

“If your data’s out there, even from years ago, it can be weaponized to make scam messages seem legitimate.”

The Bottom Line

Whether this latest Facebook leak is new or a repackaged version of old data, the risks are real.

Cybercriminals don’t need fresh information to cause harm. With enough personal details, no matter when they were stolen, they can launch scams, crack passwords, or impersonate users.

The lack of clarity from Meta has left users guessing, but that shouldn’t mean doing nothing. As breach fatigue grows and threats become more subtle, it’s easy to ignore these warnings. But staying proactive with password hygiene, multi-factor authentication, and phishing awareness can go a long way.

Franklin Okeke
Technology Journalist

Franklin Okeke is an author and tech journalist with over seven years of IT experience. Coming from a software development background, his writing spans cybersecurity, AI, cloud computing, IoT, and software development. In addition to pursuing a Master's degree in Cybersecurity & Human Factors from Bournemouth University, Franklin has two published books and four academic papers to his name. Apart from Techopedia, his writing has been featured in tech publications such as TechRepublic, The Register, Computing, TechInformed, Moonlock, and other top technology publications. When he is not reading or writing, Franklin trains at a boxing gym and plays the piano.
