Twitter X and Royal Mail Data Breach Exposed on the Dark Web

Royal Mail Suffers Major Data Breach: 144GB of Sensitive Information for Sale

Royal Mail recently reported a significant cyber breach that has drawn widespread attention, as hackers have stolen a large volume of sensitive information now being offered for sale on the dark web. This event follows a sophisticated attack that compromised the company’s systems by infiltrating Spectos, a technology partner based in Germany.

In mid-March 2025, the breach was confirmed by Royal Mail, where the hacker group known as ‘GHNA’ managed to circumvent security measures, accessing a database that contained approximately 144GB of data related to the Royal Mail Group. The compromised records include sensitive customer documents and internal communications, such as recordings of Zoom meetings between Spectos and Royal Mail, which are currently being marketed on illicit online platforms.

This incident is not an isolated case for Royal Mail. In 2023, the organization had faced a ransomware attack attributed to the infamous LockBit group, which initially demanded a ransom of £65.7 million before retracting their claim after realizing the company was not their intended target.

The implications of this breach are profound, given the nature of the data exposed. It raises critical questions about the security measures in place for organizations that handle sensitive information. The potential for identity theft and privacy infringements increases not only for customers but also for employees whose data may have been compromised.

Former Employee Leaks 400GB of Data from X (formerly Twitter)

In a separate but equally concerning incident, a former employee of X has allegedly posted 400GB of data on a dark web forum. This breach is supposedly linked to the mass layoffs that began in late 2023 and have persisted into 2024 and 2025. The hacker, operating under the alias “Thinking One,” claims to have extracted sensitive information pertaining to over 2.87 billion user accounts on the platform.

On March 28, 2025, the hacker made the data available on a breach forum, yet it remains unsold as of April 1, 2025, despite being listed for several days. The leaked information primarily consists of metadata, including user profile IDs, screen names, account descriptions, creation dates, follower counts, and records of user activity detailing devices used for tweeting and account settings.

Notably, some of the dataset appears to have been obtained from data stolen in 2023, while other portions indicate fresh extraction from X’s servers. This suggests the hacker may have been exploiting vulnerabilities within the company over an extended timeframe, possibly capitalizing on system weaknesses amid ongoing layoffs.

The ramifications of this breach for user data security on social media platforms are substantial, especially given the scale of the dataset, which encompasses billions of users. Though the exposed data does not directly include passwords or sensitive personal details, the metadata provides sufficient information to create detailed user profiles, increasing risks for targeted cyber threats such as phishing, fraud, and social engineering.

These two incidents highlight the ever-evolving landscape of cyber threats and the essential need for organizations to enhance their cybersecurity protocols. Ongoing investigations into both breaches are anticipated to bring further clarification and detail as organizations seek to bolster their defenses against increasingly sophisticated cyber risks.

Ad

Join our LinkedIn group Information Security Community!

Source