Major Data Breach Leaks Over 200 Million User Records from X, Formerly Twitter

X, the social media platform formerly known as Twitter, has recently faced significant scrutiny as a staggering data breach comes to light. This incident raises alarm bells for users, as critical personal information may have been compromised.

Reports surfaced earlier this month about a massive data leak involving X. The self-proclaimed data enthusiast, known as “ThinkingOne,” claims to have shared a database containing over 200 million user records on a widely used hacker forum. This leak includes user names, email addresses, and various other details associated with the users’ profiles on X.

The breach seems to include a mix of compromised data, stemming from incidents dating back to January 2025 and even earlier. The leaked dataset, reportedly a 34 GB CSV file, comprises 201,186,753 entries that reveal sensitive information such as X usernames, user IDs, full names, locations, email addresses collected from the 2023 breach, follower counts, profile metadata, time zones, and profile images.

ThinkingOne asserted that this data was cross-referenced from a larger breach involving an astonishing 2.8 billion unique Twitter IDs and screen names. Although the speculation suggests an insider breach during layoffs at X, the company has yet to officially confirm this theory. Cybersecurity researchers have partially validated the authenticity of the leaked data by matching a selection of records with publicly available X profiles; however, complete confirmation of ownership remains unachieved.

Tracing the Breach’s Origins

Investigations indicate that the breach may have its roots in a vulnerability reported in January 2022, identified during X’s bug bounty program. This flaw allowed cybercriminals to infiltrate user data by utilizing only an email address or a phone number. Despite the patching of this vulnerability, it appears that the compromised data resurfaced in subsequent leaks.

The Risks Involved

It is crucial to note that the 2025 incident did not expose passwords or financial details. However, the exposure of email addresses from earlier breaches significantly heightens risks related to phishing and social engineering. At the time of writing, X had not explicitly acknowledged this particular breach, instead downplaying the earlier 2023 incident by asserting that it primarily involved publicly accessible data.

The vast total of 2.8 billion records surpasses X’s estimated total of 335 to 600 million active users, suggesting that the dataset likely includes inactive accounts, bots, or historical data. While the full ramifications of the breach remain uncertain, it highlights the ongoing challenges regarding security on the platform, particularly following its acquisition by xAI in March 2025.

Steps to Protect Your Online Identity

If you use X or suspect your data may have been part of this breach, it is essential to take proactive steps to safeguard your digital identity. Here are critical actions you can consider.

1) Strengthen Your Device Security

This breach has revealed email addresses tied to X accounts, a primary target for phishing attacks. Cybercriminals may attempt to lure users with messages appearing to be from X or its representatives, urging them to verify accounts or reset passwords. Often, these communications contain malicious links or attachments that could compromise personal data.

To prevent such threats, install reliable antivirus software across all devices. Strong antivirus programs can help identify phishing scams and protect against ransomware by alerting users to suspicious emails and links.

2) Limit Your Online Footprint

Given that the leak contains full names and email addresses, hackers may cross-reference this information with databases from other sites to create comprehensive profiles of victims. To mitigate this risk, utilize reputable data removal services that specialize in requesting the deletion of personal information from data broker websites. Although complete removal cannot be guaranteed, these services offer effective monitoring solutions to protect your personal information over time.

3) Update Your Passwords

Although the breach does not involve passwords, the risk remains substantial, particularly if the same passwords are reused across multiple accounts. Cybercriminals often attempt to exploit email addresses with common or previously leaked passwords to infiltrate accounts.

To change your password on X, navigate to Settings and privacy in your profile menu. Select Your account and proceed to Change your password. A strong, unique password is vital for securing your account; consider leveraging a password manager for added security.

4) Enhance Your Profile Privacy Settings

To minimize future risks, adjust your profile privacy settings. Ensure that only necessary information is publicly visible and consider making your profile private. Personal details, even seemingly harmless, can be exploited by cybercriminals for identity theft or account access.

It is prudent to continuously evaluate the information you share publicly, as scammers can use such data for crafting convincing social engineering attacks.

5) Activate Two-Factor Authentication (2FA)

Given that your email may have been compromised, enabling two-factor authentication is a protective measure that adds an extra layer of security. This feature requires a secondary code for login, mitigating risks associated with unauthorized accesses.

6) Utilize a VPN When Using Public Wi-Fi

When accessing X or other platforms via public Wi-Fi, employ a Virtual Private Network (VPN) to encrypt your data and safeguard against potential interception by malicious actors. A reputable VPN is essential for maintaining online privacy and ensuring a secure connection.

7) Stay Alert with Identity Theft Protection

With over 200 million email addresses compromised, scammers are likely to exploit this information for fraudulent activities. Engaging with identity protection services can help alert you if your details surface in dark web transactions or unauthorized attempts to access accounts.

A Lesson in Data Security

The breach at X serves as a stark reminder that addressing vulnerabilities is only one part of managing data security. Even when a flaw is fixed, the persistence of leaked data years later emphasizes the enduring risks associated with major breaches. It shows how critical it is to safeguard identifiable information, as it can easily be weaponized in correlation attacks and AI-driven social engineering attempts.

Are you confident that companies are taking adequate steps to protect your data from cyber threats? Share your thoughts by reaching out to us with your insights.

For more tech tips and security alerts, subscribe to our informative newsletter.