Personal database of 267 million Facebook users which was being sold on the dark web for just €500 (about ₹41,000) has now expanded to 309 million, cyber risk assessment platform Cyble Inc said Friday.

The database includes users’ phone numbers, email addresses, names, Facebook IDs and age, according to the researchers. While passwords weren’t exposed in the breach, security professionals have recommended users to change it.

The researchers at Cyble also bought the data and are making it available on their breach monitoring platform, AmIbreacher.com. While the data isn’t publicly available through that platform, the company will make a searchable database for users to check if their accounts were involved in the security breach.

“At this stage, we are not aware of how the data got leaked at the first instance, it might be due to a leakage in third party API or scrapping," the company wrote in a post on Medium. “Given the data contain sensitive details on the users, it might be used by cybercriminals for phishing and spamming," Cyble said in a statement.

Further, it doesn’t seem like this is the first time this database has been leaked. Security company, Sophos, found that the same database was also “spotted by security researcher Bob Diachenko, taken down by the ISP hosting the page, reappeared, fattened up with another 42 million records in an Elasticsearch cluster on a second server, and then been destroyed by unknown actor(s) who replaced personal info with dummy data and swapped in database names labelled with this advice: ‘please_secure_your_servers’."

According to Sophos, Diachenko had partnered with tech comparison website Comparitech for this last month and Comparitech said the database has been exposed by about two weeks. Sophos also tracked the timeline for the breach between December 4, 2019 and March 4, 2020. “The initial breach exposed 267,140,436 records of what were mostly Facebook users in the US," the company wrote. These same records were exposed in March 2020 again but there were an additional 42 million records added to it.