Major Data Breach Involving 2.87 Billion Twitter Users Exposes Vulnerabilities
A substantial data leak affecting approximately 2.87 billion users of Twitter, now rebranded as X, has emerged on Breach Forums. The data has allegedly been linked to a former employee of X, who is reported to have exfiltrated it amid widespread layoffs at the company. If verified, this incident could constitute the largest data breach in the history of social media platforms. Alarmingly, both X and the wider public seem largely uninformed about the situation.
According to the original post by a user identified as ThinkingOne, the leaked data, which consists of around 400 GB of information, was harvested during the chaotic layoffs that took place at X. ThinkingOne claims to have tried multiple avenues to contact X about the breach but received no acknowledgment. In response to this lack of engagement, ThinkingOne merged the newly leaked data with another significant breach that took place in January 2023, raising concerns about the implications for user security.
In the context of the previous breach, which affected roughly 209 million users, sensitive data such as usernames, display names, follower counts, and account creation dates were compromised. Despite X’s assertions that the leak consisted solely of publicly accessible information, security experts warned that the combination of public and potentially sensitive data could facilitate identity theft and phishing attacks.
The new breach, however, presents a different risk profile. It does not include email addresses but offers an extensive array of profile metadata. Included in the leak are user IDs, screen names, profile descriptions, follower counts, and timestamps of the last tweets. Taken together, this information paints a vivid picture of user activity over time, which malicious actors can exploit.
ThinkingOne, recognized for expertise in data analysis and breach research, has combined the 2025 leak with the earlier 2023 incident, resulting in a single CSV file comprising 201 million entries. It is crucial to clarify that this merged dataset does not contain new email addresses; the emails it includes come from the prior breach, which has created confusion regarding the scope of the current incident.
The reported figure of 2.87 billion affected users raises questions given X’s user base, which stood at approximately 335.7 million as of January 2025. Speculation suggests that the dataset may include aggregated information or historical data from accounts that have been deactivated or deleted, along with potentially non-user entities. Another theory proposes that the leaked data might have been compiled from various public sources rather than being sourced solely from X.
At the heart of this incident lies the mystery of how ThinkingOne obtained this trove of leaked data. Unlike typical hackers, ThinkingOne is known for analyzing and interpreting leaked datasets rather than conducting breaches. The assertion that a disgruntled employee was behind this leak remains a theory, lacking concrete evidence.
The silence from X amidst these claims raises troubling questions regarding corporate accountability and transparency. If the claims are accurate, this breach not only represents a significant security incident but also undermines user privacy. The lack of any official communication from X regarding the breach prompts concerns about the company’s internal response to potential insider threats and the broader implications for user data protection.
This incident reflects a growing trend of serious security vulnerabilities in the tech landscape. Analyzing it through the lens of the MITRE ATT&CK framework suggests the applicability of tactics such as Initial Access and Persistence, indicating potential areas of weakness that businesses operating in similar spheres need to address. As this story unfolds, the implications for user data privacy and corporate security must remain at the forefront of discussions within the cybersecurity community and beyond.