A massive data breach involving the personal information of 2.873 billion X users (formerly Twitter) has been uncovered on hacker forums, marking one of the largest data leaks in social media history.
The breach, reportedly taking place in January 2025, was first brought to light by a user on a data leak forum named “ThinkingOne.” This person claimed that the breach occurred during a period of layoffs at X and was allegedly carried out by a disgruntled employee. Despite attempts to notify X and its user base, the hacker’s warnings were mostly ignored, prompting them to disclose the information online. The hacker merged the leaked data with records from a prior 2023 Twitter breach involving 200 million users to create a dataset with 201,186,753 entries.
The dataset from the 2023 breach included basic user information such as names, screen names, and follower metrics. However, the 2025 dataset went even further, adding more detailed information like user IDs, location, time zone, language preferences, friend and follower counts, statuses, and detailed metrics on user activity. This increased level of detail raises concerns about privacy and security, as the data could potentially be used for profiling, phishing, and targeted cyberattacks.
Cybersecurity investigative team Cyber Press discovered 165 separate files linked to the breach, including CSV datasets dated January 24, 2025. The authenticity of the leaked data has been confirmed by ThinkingOne, who claims to have thoroughly analyzed it, though the exact method of extraction remains unclear. If verified, this breach could become one of the largest data breaches ever, second only to the 2021 National Public Data breach of 3.1 billion records.
Despite X boasting 600 million Monthly Active Users (MAUs), ThinkingOne believes that the total number of registered accounts on the platform exceeds this figure, making the 2.8 billion record count plausible. The reaction to the breach online has been swift and concerned, with users debating the severity of the incident and its implications. X has so far not issued an official statement regarding the breach, leaving millions of users in uncertainty.
This breach underscores the critical vulnerabilities present in social media platforms and emphasizes the urgent need for increased security measures and transparency. As investigations continue, this incident serves as a stark reminder of the importance of safeguarding user data in today’s interconnected digital world.