A data enthusiast has released a huge collection of sensitive information from X users (formerly Twitter). The breach is being called the biggest in social media history. It exposes details of around 200 million user records. However, the full scale is even worse. Around 2.8 billion unique Twitter IDs have also been stolen.
The Largest Social Media Breach Ever Recorded
This staggering number surpasses the platform’s monthly active user base, suggesting that the breach includes both active and inactive accounts. The leaked data reportedly contains usernames, IDs, full names, locations, email addresses, follower counts, profile images, time zones, and more.
Cybersecurity experts have verified that at least part of the leaked information is genuine, making this incident a serious privacy concern for millions of users worldwide.
Exploiting an Old Twitter Vulnerability
The breach likely started from a flaw found in January 2022, when X was still called Twitter. The company’s bug bounty program spotted the issue. It allowed attackers to steal data by entering email addresses or phone numbers. This let them access profile details without permission.
By July 2022, Twitter admitted that the flaw had been used by hackers before it was fixed. The company confirmed that huge amounts of user data were being sold on dark web forums.
By 2025, the effects of that flaw are still causing damage. The person behind the new leak, called “ThinkingOne”, claims they combined data from the 2022 breach with a newer one. The result is a huge 34 GB file with over 201 million records.
To make matters worse, ThinkingOne gave the data away for free on a well-known data breach forum. They claim to have reached out to X for a response but received no reply, prompting them to release the records publicly.
How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?
Why This Breach Is So Serious
This leak is especially dangerous because it may affect nearly every X user. Hackers have reportedly compromised 2.8 billion unique Twitter IDs. The dataset may include inactive accounts and even accounts that no longer exist.
Hackers can use the exposed email addresses and other personal information for phishing scams, identity theft, or social engineering attacks, even though the leaked records do not seem to include passwords. Cybercriminals may also exploit this data to target influential accounts or impersonate users.
Experts warn that email-based phishing scams are likely to rise in the wake of the breach. Attackers could send deceptive messages appearing to be from X, tricking users into revealing sensitive details or downloading malware.
The huge size of the dataset has made experts question how it was stolen. In an email, ThinkingOne guessed that the list of Twitter IDs was too large to be collected without insider help or a major hack. This has raised fears that more hidden breaches may have happened, putting even more user data at risk.
This breach is a strong warning about the rising risk of online data leaks. For millions of X users, the stolen data could lead to fraud, scams, or fake accounts. Cybersecurity experts urge users to stay alert. They recommend using two-factor authentication and being careful with suspicious emails or messages.
Critical Vulnerabilities: The Dark Side of Pacemaker Technology