Massive Data Breach Exposes 400GB of Twitter (X) User Information
A potentially unprecedented social media data leak has reportedly exposed 400GB of data from approximately 2.87 billion Twitter (X) user accounts, making it one of the largest breaches in history.
Origin of the Breach
The breach was initially reported on March 28, 2025, by a user known as “ThinkingOne” on Breach Forums. According to their claims, the data was stolen by a disgruntled employee during mass layoffs at the company.
Data Compilation and Breach Details
ThinkingOne states that they combined this newly leaked data with records from a previous security breach in January 2023, which impacted around 209 million Twitter users. The merged dataset resulted in a 34GB CSV file (compressed to 9GB) containing 201,186,753 user records from both incidents.
Despite attempting to alert Twitter (X) through multiple channels, ThinkingOne alleges they received no response, prompting them to publicly release the information. Although the leaked data appears legitimate, they could not confirm if all email addresses match the associated accounts.
Extent of User Information Exposed
A report by Cyber Press indicates that the leaked dataset includes extensive metadata related to user profiles, such as:
- Account creation dates
- User IDs and screen names
- Profile descriptions and linked URLs
- Location and time zone preferences
- Display names (current and from 2021)
- Follower counts from 2021 and 2025
- Number of tweets and timestamps of last tweets
- Last tweet source (e.g., TweetDeck, X Web App)
- Account status (verified or protected)
While the 2023 breach included email addresses, the 2025 leak does not contain this sensitive data. However, the combined dataset provides a highly detailed view of user profiles.
Investigation and Potential Impact
Further examination by Cyber Press uncovered 165 related files, including compressed CSV files dated January 24, 2025, ranging from 361MB to 376MB in size. The scale of this breach is staggering. Given that X reported 335.7 million active users as of January 2025, the claim of 2.87 billion records suggests the dataset may include historical accounts, deleted profiles, or other stored user data.
As of April 1, 2025, X has not issued an official statement regarding the breach. The full impact remains uncertain, particularly if additional sensitive information is revealed.
If verified, this would be the second-largest data breach on record, surpassed only by the National Public Data breach, which exposed 3.1 billion records.
For Twitter (X) users, this exposure significantly increases the risk of phishing attacks and identity impersonation, even though email addresses were not part of the latest leak.
Found this article interesting? Follow us on X(Twitter) and FaceBook to read more exclusive content we post.
