267 million Facebook profiles sold for $600 on the dark web

While none of these records include passwords, they do contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials.

"At this stage, we are not aware of how the data got leaked at the first instance, it might be due to a leakage in third-party API or scrapping," Arora told BleepingComputer. "Given the data contain sensitive details on the users, it might be used by cybercriminals for phishing and spamming."