In a shocking turn of events, a massive data leak involving a staggering 2.87 billion Twitter (X) users has come to light on the notorious Breach Forums. The culprit behind this unprecedented breach is believed to be a disgruntled ex-employee of X who allegedly made off with the data during a tumultuous period of mass layoffs at the company, leaving both X and the general public completely unaware of the magnitude of the leak.
The initial post on the Breach Forums by a user named ThinkingOne revealed that a whopping 400GB of data was surreptitiously obtained during the chaotic downsizing at X. Despite attempts to alert X to the breach, no response was received, prompting ThinkingOne to take matters into their own hands by merging the stolen data with another infamous breach from January 2023.
To fully comprehend the extent of the leak, it is important to revisit the 2023 data breach at X, which impacted approximately 209 million users and exposed crucial information such as display names, usernames, follower counts, and account creation dates. While X downplayed the severity of the breach at the time, claiming it only involved publicly available data, security experts warned of the potential for phishing and identity theft due to the combination of email addresses and public data.
Unlike the 2023 breach, the 2025 leak contains a treasure trove of profile metadata but notably excludes email addresses. The leaked data includes user IDs, screen names, profile descriptions, URLs, location and time zone settings, tweet histories, followers counts, and various other profile details. However, the absence of email addresses sets this leak apart from its predecessor and raises questions about the motive behind the breach.
ThinkingOne’s decision to merge the 2025 leak with the 2023 breach resulted in a massive 34GB CSV file containing 201 million merged entries. It is crucial to note that the merged data only includes users present in both incidents, creating a mix of public and semi-public data. Despite the inclusion of email addresses in the merged dataset from the 2023 breach, the 2025 leak does not feature this sensitive information.
The astronomical figure of 2.8 billion leaked records raises eyebrows, considering that X had around 335.7 million users as of January 2025. Speculations abound regarding the origin of the surplus data, with possibilities ranging from historical and aggregated data to non-user entities and information sourced from various public repositories linked to Twitter accounts.
The identity of ThinkingOne and the method through which they obtained the leaked data remain shrouded in mystery. While their theory of an internal leak during the layoffs is intriguing, concrete evidence to substantiate this claim is lacking. The silence from X in response to these grave allegations only deepens the intrigue surrounding this unprecedented data breach, leaving users with a raft of unanswered questions about the security of their personal information and the integrity of the platform.