Because I would really like to know if I'm affected. According to "Have I Been Pwned" my phone number is not in the list, but about one or two weeks ago I noticed that my spam folder was unusually full, which led me to believe that something new must have happened. Shortly thereafter Facebook's leak hit the news.

From my point of view it is their obligation to notify all the affected users. It's morally the right thing to do, and legally, well, I don't know, but maybe the GDPR says that yes, that it's their obligation to do so.

And with notification I mean to send a notification email, since I haven't logged in for months and don't intend to this year.

Just assume the answer is yes. If you are active online at all, you're in a breach somewhere. In fact, you are likely in a breach even if you are not active online (in a state/federal government data breach for example)

The leak did not include email addresses, so your email spam issue is unrelated.

According to haveibeenpwned.com

> whilst each record included phone, only 2.5 million contained an email address

That's not true, many of the accounts did have email addresses.

The only email addresses in the leak are of those who have specifically set their email address to be public on their facebook profile.

Newer Android versions have an SMS spam folder as well, they might have been talking about that.

It did include email addresses in some cases, just not all of them.

Ah, thank you.