Huge X data breach allegedly leaks 200 million social media records

Safety Detectives have found a post from a self-proclaimed data enthusiast that goes by the name ThinkingOne, which included a 34GB file with more than 200 million entries of data reportedly from X users.

The data includes several metadata characteristics on each account, such as ID and location, and the author of the post claims that they were able to gain access to information of 2.8 billion X users – making it the biggest social media data breach in history.

All this new data was then connected to the information leaked in January 2023 (name, screen, email, followers, and data of creation).

Although passwords weren’t leaked, it’s enough information for hackers to attempt to gain access to accounts that don’t have extra security steps like two-factor authentication.

The file was free to download, so anyone who saw the post could have access to this information.

Considering the type and amount of information that was stolen, it’s not unthinkable that this might have been an inside job, likely as a retaliation to the major layoffs that happened throughout the years since the acquisition of Twitter by Musk in 2022.

X has never been the company to fully own their data leaks, even when it was still Twitter.

Back in 2023, the company denied the declarations that the information had been obtained by exploiting a vulnerability of Twitter systems. Instead, they claimed that the data was a collection of information already publicly available online through different sources.

They did report the 2022 data leak when hackers took advantage of a bug that allowed someone to enter a phone number or email address into the login to learn if that information was tied to an existing Twitter account.

However, when it comes to the 2025 leak, nothing has been said by X at the time of writing this article.

The information that has been stolen is gold to deploy more convincing social engineering attacks.

In short, malicious actors are able to send out phishing and spearphishing campaigns using your personal information to make messages look like they come from X or other sources to trick you into sharing more sensitive information.

The data can also be used to try to guess your password through brute-force attacks or other methods.

So, we recommend that you:

• Enable two-factor authentication: Enabling two-factor authentication ensures that hackers can’t access your account even if they find out your password.
• Change your passwords: Change your X password and if you use the same passcode to any other account, change those accounts’ passwords as well. We suggest using a password manager to create random and unique passwords for all your accounts.
• Beware of phishing attempts: if your account has been compromised, it’s very likely you’ll start getting weird messages trying to get your information. Be careful with all the messages you receive, or get an antiphishing tool. Some antiviruses come with antiphishing, so it’s also a useful app to put your money on.
• Update privacy settings: Go through your X and other social media accounts and update your privacy settings. Only share information that you wouldn’t mind a complete stranger to know about.

Cybercrime is more prevalent than ever. It’s essential that you invest in online security software, follow best practices to a T, and stay up-to-date on the latest data breaches and hacking trends.