A massive 400GB dataset with info from 2.87 billion X (formerly Twitter) users has appeared on hacker forums. Allegedly from January 2025, it’s one of the biggest social media leaks ever.
Breach Details
On March 28, 2025, a hacker known as “ThinkingOne” revealed a massive data leak on a cybercrime forum, claiming it resulted from an insider attack during recent layoffs at X. According to their statement, the breach was carried out by a disgruntled employee who exploited internal access to exfiltrate user data.
ThinkingOne alleged that they attempted to notify X and warn users, but their efforts were ignored, prompting them to release details of the breach publicly. The leaked dataset is a combination of this new breach and a previously exposed 2023 Twitter data leak involving 200 million users. At the time, X dismissed the earlier breach as “publicly available information.”
According to ThinkingOne, only records that appeared in both datasets were retained, resulting in a final collection of 201,186,753 unique user entries. This consolidation raises concerns about long-term data exposure, as it confirms persistent vulnerabilities within X’s data security framework.
Expanded Data Exposure in the 2025 Leak
The 2023 breach primarily exposed basic user information like names, screen names, and follower metrics. However, the newly surfaced 2025 dataset contains significantly more detailed user data, raising serious privacy concerns.
Additional fields now included in the leak are:
- User IDs
- Location and time zone
- Language preferences
- Friend and follower counts
- Status updates and detailed user activity metrics
For example, the account “TrumpOnline,” which was part of the 2023 breach, now features expanded metadata such as:
- ID: 41610628
- Time Zone: -18000
- Language: en
- Follower Count: 1,002
- Last Status Created At: 2011-09-06
The addition of these fields significantly increases the potential risks for affected users, making the data more useful for targeted phishing, identity theft, and other malicious activities.
Cyber Press, a cybersecurity investigative team, uncovered files linked to the breach, revealing 165 datasets containing structured user data from January 24, 2025. Some examples include:
- twitter_users_003.csv.xz – 372.6 MB
- twitter_users_010.csv.xz – 376.0 MB
- twitter_users_014.csv.xz – 361.2 MB
The hacker, ThinkingOne, insists the data is authentic but hasn’t disclosed how it was obtained. If verified, this breach could be the second-largest in history, behind the 2021 National Public Data leak of 3.1 billion records.
With X reporting 600 million Monthly Active Users (MAUs), ThinkingOne claims the platform’s total registered accounts far exceed this, making the 2.8 billion leaked records plausible.
Online reactions have been swift, with users debating the breach’s impact. One commented, “History has been made if this is real.”
As of now, X has not issued an official response, leaving millions uncertain about their data’s security. This breach highlights the urgent need for stronger cybersecurity measures and transparency in protecting user data.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment