[i_have_an_idea]

> Where could I, or any Internet user, trivially download these details on 533M Facebook users prior to this dump?

On Facebook. Literally. You can scrape any public profile info. It's against ToS, but it's not illegal (some caveats apply, see the hiQ Labs v. LinkedIn case for more info).

The only noteworthy thing is the phone number vuln. Except that's been known since 2019, so it's certainly not news.

[azeirah]

There's a difference between programming a scraper capable of scraping 500 million records, running it and storing the results without getting caught by Facebook and downloading a file.