The data set is verified by several portals by testing email addresses and phone number for the password reset. The cybercriminals can take leverage of the leaked data using the personal information to impersonate or scam users handing the logins credentials resulting in engineering attacks or hacking attempts.
Facebook faced a similar attack earlier with the user’s phone numbers leaked in the market that was uncovered in 2019. The vulnerability allows the violation of its terms of services for people’s phone numbers to be scraped from the server. However, it was patched up in August of the same year.