A massive data leak has reportedly exposed the personal data of millions of X users, raising serious concerns about the platform’s security. This article dives deep into the recent X data breach, outlining the scope of the leak, the types of data compromised, and the potential implications for affected users. Learn about crucial steps you can take to protect yourself from phishing and other cyber threats stemming from this alarming incident.
X Under Fire: Massive Data Leak Exposes Millions of User Accounts
April 3, 2025
The Breach: A Timeline of Events
A potential data breach at X, formerly known as Twitter, has sent shockwaves through the social media landscape. The incident, which reportedly occurred earlier this year, involves the personal information of over 200 million users.
The cybersecurity information platform Safety Detectives discovered a post on a hacker forum detailing the large-scale information leakage. The post,authored by someone using the moniker “ThinkingOne,” claimed that 400GB of data,encompassing information from more than 2.8 billion accounts, was leaked in January [2].
What Data Was Exposed?
The leaked data includes email addresses linked to X accounts, names, location information, and follower counts. This contrasts with a previous X user data leak in January 2023, though both incidents involved a file containing information on approximately 21 million individuals.
- Email Addresses
- Names
- Location Information
- Follower Counts
The Investigation and Claims
Safety Detectives confirmed that information corresponding to 100 users on the list matched actual X profiles. While many email addresses were valid, it remains unconfirmed whether the X account user’s email on the list is accurate. The method by which the data was leaked remains unclear.
ThinkingOne alluded to potential internal dissatisfaction as a cause, stating, Which employee would have been dissatisfied while many employees were fired
.
ThinkingOne also stated, I first tried to come in contact with X through various methods, but there was no response.
In an email interview, ThinkingOne denied being a hacker, posing the question, If you are not an employee, how can you list all Twitter user IDs?
Scale and Scope of the Breach
While the leaked dataset reportedly contains 2.8 billion accounts [2] [3], it is vital to note that many of these may be bot accounts, spam accounts, or inactive profiles. According to Statista,X has an estimated 400 million users worldwide.
Expert Analysis and Recommendations
Security experts warn that the leaked email addresses and other information could be used to target X users through phishing or scams.
Cyber criminals can use leaked information to create convincing emails or messages that seem to have been sent from X or other legitimate sources. These messages are aimed at providing more sensitive information or clicking on malicious links.
Experts advise users to avoid clicking unknown links or downloading suspicious attachments. They also recommend updating privacy settings on social media accounts and other online platforms to limit the amount of personal information exposed.
The Aftermath and Potential Consequences
The potential consequences of this data breach are meaningful. users could face increased risks of phishing attacks, identity theft, and other forms of cybercrime. The incident also raises serious questions about X’s data security practices and its ability to protect user information.The alleged breach was first reported by Safetydetective.com, whose researchers found a 34 GB downloadable file on hacking forum “BreachForums” posted by a user ‘ThinkingOne’ [1].
