X (formerly Twitter) has reportedly suffered a significant data breach, with claims of insider involvement leading to the exposure of data from approximately 2.8 billion users. According to hackers on the infamous Breach Forums, a dataset containing nearly 2.8 billion records has been made public.
A forum post alleges that the breach originated from a disgruntled X employee, who purportedly exfiltrated the data during a period of mass layoffs at the company. Despite the seriousness of the breach, neither X nor mainstream media outlets appear to have acknowledged or reported on it.
A user claiming by the handle “ThinkingOne” released the dataset on March 28, 2025, stating that it was the work of a frustrated X employee who had taken out some 400GB of customer data amid the company’s unstable layoffs.
The forum post indicates that ThinkingOne attempted to contact X through various channels but received no response. Frustrated by the silence, the newly discovered data was combined with data from a prior hack going back to January 2023.
While it is possible that much of the leaked data was already publicly accessible, cybersecurity experts warn that such extensive collections are still highly valuable to criminals launching social engineering, identity theft, or targeted phishing efforts.
What Data Does the Massive X (Twitter) Leak Contain?
The 2025 breach represents a shift from the earlier 2023 incident. Although the latest leak does not contain email addresses, it comprises a vast trove of profile metadata. This contains account creation dates, user IDs, screen names, profile descriptions, URLs, location and time zone information, as well as display names from the current year and back to 2021.
Along with information on the source of the most recent tweet (such as TweetDeck or X Web App) and profile status, it also displays follower numbers (from 2021 and 2025), tweet totals with current timestamps, and engagement metrics like friends, listed, and favourites counts.
This extensive dataset offers an extensive view of users’ behaviour over time, showing patterns in interaction, tweet history, and follower growth. However, the most important data, email addresses, is notably missing.
Interestingly, ThinkingOne combined the 2025 data with the 2023 breach. The end result was a 34GB CSV file (9GB compressed) with 201 million combined entries from customers impacted by both incidents.
The addition of email addresses that were only taken from the 2023 breach has caused confusion because it has been mistakenly believed that the 2025 leak also includes this type of information.
X allegedly has over 335.7 million users as of January 2025. However, it looks like 2.8 billion consumers’ data was compromised. The fact that the dataset contains historical or aggregated data is one explanation.
This could involve bot accounts that were created and later banned, as well as inactive or deleted accounts that still remain in historical records. It could also include older data that has been combined with recent information, affecting the overall number of records.
It is possible that some listings could possibly not even reflect actual users. Non-user entities like developer bots, API accounts, or profiles that have been removed or banned but are still signed in may be among them. Additionally, organisation and brand accounts that are not tied to individual users might be part of the dataset.
Currently, it is unclear how the breach occurred. While the dataset may affect over 200 million unique users, it reportedly involves 2.8 billion records, potentially making it one of the largest social media data breaches in history.
It is important to note that no highly sensitive personal information (such as passwords or financial details) appears to have been leaked. Many of the accounts are likely to belong to bots, spammers, or users who have since deleted their profiles.
Analyst platforms such as Statista estimate X’s active global user base at around 400 million, suggesting that a significant portion of the compromised records do not belong to real individuals.
X has yet to formally recognise the breach as of March 30, 2025. Whether or if any other sensitive information was made public will determine the possible consequence. It would be the second-largest data breach in history, only eclipsed by the National Public Data leak of 3 billion records, if the incident is verified as legitimate.
Have a look at our Free Click-Prone® Test to find out how many of your users are prone to clicking on phishing emails. Also, try out our Free Domain Spoofing Test to see if your domain can be spoofed, a classic attack vector for modern hackers.
