Massive 400GB of X (Twitter) User Records Allegedly Leaked – 2.8 Billion Records Exposed Online | The Largest Social Media Data Breach in History?
In what could be the largest social media data breach in history, over 400GB of X (formerly Twitter) user data, containing 2.873 billion records, was reportedly leaked online in January 2025. This breach has caused significant alarm in the cybersecurity community, with implications for both social media security and user privacy.
The Alleged Leak and Its Background
The breach, which first came to light on March 28, 2025, was revealed by a data leak forum user known as “ThinkingOne.” The individual claims that the leak occurred due to actions taken by a disgruntled employee during a period of widespread layoffs at X. Despite attempts by ThinkingOne to alert X about the breach, the company reportedly ignored the claims, prompting the leak to be shared publicly.
The stolen data, which is said to be a combination of a 2023 Twitter breach and the newly exposed 2025 data, includes a vast array of user details. This breach is alarming due to the sheer scale of data exposed and the extensive user information it contains.
The Scale of the Breach
The total dataset amounts to a staggering 400GB of information, and it is believed that nearly 2.873 billion user records were compromised. The data consists of extensive personal details, including user IDs, email addresses, follower counts, account creation dates, and much more. This leak surpasses all previous social media breaches in terms of scale, positioning it as the second-largest breach in history, just behind the infamous National Public Data breach (3.1 billion records).
Data from the 2023 Breach Combined with New 2025 Leak
ThinkingOne stated that they merged the new 2025 data with records from the 2023 Twitter breach—which had initially been dismissed by X as "public data." By combining the two, they compiled a single 34GB CSV file (9GB when compressed), which contained 201,186,753 entries from users whose screen names were present in both datasets. These records are rich in details, including email addresses, screen names, account creation dates, follower counts, and more.
Example of Evolving User Data:
Here’s an example of how the user data evolved from 2023 to 2025:
- 2023 Breach (Basic Data):
  - Email: [email protected]
  - Name: The Trump Network
  - Screen Name: TrumpOnline
  - Followers: 1,014
  - Created At: 2009-05-21
- 2025 Updated Data:
  - ID: 41610628
  - Screen Name: TrumpOnline
  - Name: The Trump Network
  - Location: Everywhere
  - Description: People helping people to be their best.
  - Email: [email protected]
  - Time Zone: -18000
  - Language: en
  - Followers Count: 1,002
  - Friends Count: 0
  - Statuses Count: 194
This new dataset goes into far more depth, with additional fields like user IDs, time zones, language preferences, and detailed activity metrics, showcasing a massive increase in the amount of personal data exposed in the breach.
Further Discovery of 165 Files Linked to the Breach
A deeper investigation by We Cyber Press revealed that 165 files were associated with the breach. Among these files were multiple compressed CSV files, dated January 2025, containing user data. These files, which ranged in size from 361MB to 376MB each, suggest a massive data dump that corroborates ThinkingOne's claim of a 400GB leak.
Notable Files Discovered:
Here are some of the notable files uncovered:
- twitter_users_003.csv.xz – 372.6 MB
- twitter_users_010.csv.xz – 376.0 MB
- twitter_users_011.csv.xz – 370.9 MB
- twitter_users_014.csv.xz – 361.2 MB
Authenticity of the Data Leak
ThinkingOne has confidently vouched for the authenticity of the leaked data, stating that although they didn’t check every record, their analysis of it suggests that the breach is indeed real. The process by which the data was obtained is still unclear. While some experts have speculated that this may involve an extraordinary feat of enumerating 2.8 billion screen names or user IDs, ThinkingOne insists it wasn't done through brute force methods.
This breach is significant because, if true, it highlights just how much data X (formerly Twitter) stores beyond their reported Monthly Active Users (MAU) figure of around 600 million. The 2.8 billion records indicate that the platform’s total user base could be far larger than previously believed.
Potential Consequences of the Breach
The potential fallout from this breach is massive, especially if sensitive personal information—such as phone numbers, addresses, and passwords—was included in the leak. While ThinkingOne has not confirmed whether these details are part of the leaked data, the exposed information is already extensive, including:
- Emails: Used for targeted phishing attacks.
- Screen Names and Followers: Potential for social engineering and targeted harassment.
- Activity Metrics: Insights into users’ online behavior, offering a chance for profiling.
If the leaked data is verified and if additional sensitive details are included, it could lead to a surge in identity theft, phishing attempts, and targeted attacks aimed at individuals whose data was exposed.
The Online Response and Speculation
The leak has sparked a flurry of reactions online, with users expressing concern over the scale of the breach. Some are questioning whether X (formerly Twitter) will respond to the leak or take any action. One user noted, “Ok yeah, just posted the largest breach in history (if this is real), history has been made?” The rapid spread of the data through torrent links and file-hosting services indicates that this breach may already be part of a broader issue of data exfiltration and dissemination.
X’s Response (or Lack Thereof)
As of now, X (Twitter) has not issued an official statement regarding the breach. This silence has fueled further speculation, with many asking if the company is aware of the extent of the breach and what steps, if any, they are taking to protect affected users.
Looking Forward: A Wake-Up Call for Social Media Security
If this breach is proven to be legitimate, it will serve as a wake-up call to social media platforms about the vulnerability of user data. For users, it highlights the importance of protecting personal information online and remaining vigilant against phishing and identity theft.
For businesses and cybersecurity experts, it underscores the need for stricter data security protocols and constant monitoring to prevent such large-scale breaches in the future. X (formerly Twitter) must now contend with the ramifications of this massive leak, and the broader industry may also face new regulations and scrutiny over how they handle user data.
Conclusion
The 2025 X (Twitter) data breach is potentially the largest social media leak to date, with 2.8 billion records exposed. The scale and severity of the breach, compounded by the suspicious timing during employee layoffs, signal a significant turning point for social media security. As more details emerge, users and platforms alike must take immediate steps to safeguard personal information and prevent similar breaches in the future.
FAQs:
What is the 2025 X (Twitter) data breach?
The 2025 X data breach is a massive leak of 400GB of user data, containing 2.873 billion records of Twitter users, allegedly caused by a disgruntled employee during a period of layoffs.
How did the breach happen?
The breach is believed to have been caused by an internal disgruntled employee who gained access to the data and leaked it online.
How much data was leaked in the breach?
The breach reportedly involved 400GB of data, making it one of the largest social media breaches to date.
How many user records were exposed?
Approximately 2.873 billion user records were exposed during the breach.
What types of personal information were leaked?
The leaked data includes email addresses, screen names, follower counts, account creation dates, user IDs, language preferences, and more.
Was this breach part of a previous Twitter leak?
Yes, the leaked data is a combination of the 2025 breach and a 2023 Twitter breach.
How did ThinkingOne contribute to the leak's exposure?
ThinkingOne, a data leak forum user, exposed the breach after claiming that X had ignored attempts to address the situation.
What is the significance of this breach?
This breach is believed to be the largest social media data breach in history, surpassing many previous breaches in terms of scale.
Could the breach have involved more sensitive data?
There is speculation that phone numbers, addresses, and passwords may have been included in the leaked data, but these details have not been confirmed.
What are the potential risks of this breach?
The breach could lead to identity theft, phishing attacks, and targeted harassment due to the vast amount of personal data exposed.
Did X (Twitter) respond to the breach?
As of now, X has not made an official statement or acknowledged the breach publicly.
How did the data leak forum play a role?
A data leak forum profile named ThinkingOne shared the leaked files online, drawing attention to the breach and encouraging further investigation.
Is this breach related to employee misconduct?
Yes, the breach is suspected to have been carried out by an internal employee during a period of layoffs at X.
Can the leak be traced back to a specific vulnerability?
The exact method of how the breach occurred remains unclear, with speculation suggesting it could be related to employee access rather than external hacking.
How did the leaked data evolve from the 2023 breach to the 2025 leak?
The new data added user IDs, time zones, activity metrics, and more detailed information compared to the basic user data exposed in the 2023 breach.
Is the 2025 data leak available for public download?
Yes, the leaked data has been shared online via torrent links and file-hosting services such as gofile.io.
What is the total size of the data leak?
The data totals 400GB, with individual files ranging from 361MB to 376MB each.
Was the data leak intentional or accidental?
The leak appears to have been intentional, with the data being shared by a disgruntled employee on a public forum.
What are the potential consequences for X (Twitter) as a result of this breach?
The breach may lead to significant damage to X's reputation, increased scrutiny from regulators, and legal consequences related to user privacy violations.
Are the leaked records authenticated?
While ThinkingOne claims the data has been thoroughly analyzed and confirmed as authentic, the exact details of the leak remain unverified by X.
Will there be legal consequences for the employee involved?
The employee responsible could face legal action, depending on the investigation and the outcome of any formal charges brought by X or authorities.
How many files were linked to the breach?
A total of 165 files were found in connection with the breach, including compressed CSV files containing user data.
How does this breach compare to other social media breaches?
This breach is considered the largest social media breach in history, surpassing prior incidents like the National Public Data breach.
How could this breach affect Twitter users?
Users whose data was exposed could become targets for phishing and identity theft, as well as experience targeted attacks based on the leaked information.
How can users protect themselves after the breach?
Users should monitor their accounts for suspicious activity, change passwords, and be cautious of any phishing or social engineering attempts.
What steps should social media platforms take after this breach?
Platforms should implement stronger security protocols, such as enhanced user verification, encryption, and continuous monitoring of internal systems.
Is the leak a result of hacking or internal access?
The leak is suspected to be the result of internal access rather than external hacking, which makes it particularly alarming.
What could happen if more sensitive data is found in the leak?
If more sensitive data like phone numbers or addresses is found, the risks of identity theft and targeted attacks could increase significantly.
How has the online community reacted to the breach?
Many users have expressed shock at the scale of the breach, with some questioning whether X will take appropriate action.
What lessons should be learned from this breach?
This breach highlights the need for better data protection, transparency in social media security practices, and an emphasis on user privacy in all digital platforms.