Huge Twitter (X) profile information leak exposes particulars of two.8 billion customers; alleged insider leak surfaces with no official response from the corporate.
A knowledge leak involving a whopping 2.87 billion Twitter (X) customers has surfaced on the notorious Breach Boards. In line with a put up by a person named ThinkingOne, the leak is the results of a disgruntled X worker who allegedly stole the info throughout a interval of mass layoffs. If true, this may be the biggest social media information leak in historical past, however surprisingly, neither X nor the broader public seems to concentrate on it.
What We Know Concerning the Leak
The unique put up by ThinkingOne states that the info, round 400GB price, was possible exfiltrated throughout messy layoffs at X. The poster claims that they tried contacting X via a number of strategies however acquired no response.
Annoyed with the dearth of acknowledgment from X and most of the people, they took issues into their very own arms and determined to merge the newly leaked information with one other notorious breach from January 2023.
The 2023 Breach Recap
To know the total scope of what was leaked, wanting on the 2023 X information breach that affected round 209 million customers is necessary. That breach uncovered:
- Show names and usernames (handles)
- Followers rely and account creation dates
On the time, X downplayed the leak, stating that it consisted of publicly accessible information. Regardless of the large publicity of e mail addresses, they insisted that no delicate or personal info was concerned. Nonetheless, safety consultants warned that the mixture of emails and public information might allow phishing and identification theft on a big scale.
What’s Contained in the Alleged 2025 Leak?
The 2025 leak, nevertheless, is a totally totally different beast. In contrast to the 2023 leak, it doesn’t comprise e mail addresses, but it surely does maintain a goldmine of profile metadata, together with:
- Consumer IDs and display screen names.
- Profile descriptions and URLs.
- Location and time zone settings.
- Show names (present and from 2021).
- Followers rely from each 2021 and 2025.
- Tweet rely and timestamps of the final tweet.
- Buddies rely, listed rely, and favorites rely.
- Supply of the final tweet (corresponding to TweetDeck or X Internet App).
- Standing settings (like whether or not the profile is verified or protected).
The information offers an in depth snapshot of customers’ profiles and exercise over time, together with bios, follower counts from totally different years, tweet historical past, and even the app used for the final tweet. However the one factor it doesn’t embrace is essentially the most delicate bit: e mail addresses.
The Information Mashup
ThinkingOne, a widely known determine on Breach Boards for his or her talent in analyzing information leaks, determined to mix the 2025 leak with the 2023 one, producing a single 34GB CSV file (9GB compressed) containing 201 million merged entries. To be clear, the merged information solely consists of customers that appeared in each incidents, making a confusion of public and semi-public information.
This messy mixture led many to imagine that the 2025 leak additionally contained e mail addresses, however that’s not the case. The emails proven within the merged file are from the 2023 breach. The presence of emails within the merged dataset has given the incorrect impression that the contents of the 2025 leak additionally embrace e mail addresses.
Why 2.8 Billion Doesn’t Add Up
As of Jan 2025, X (previously Twitter) had round 335.7 million customers, so how is it attainable that information from 2.8 billion customers has been leaked? One attainable rationalization is that the dataset consists of aggregated or historic information, corresponding to bot accounts that have been created and later banned, inactive or deleted accounts that also lingered in historic information, or previous information that was merged with newer information, growing the entire variety of information.
Moreover, some entries won’t even characterize actual customers however might embrace non-user entities like API accounts, developer bots, deleted or banned profiles that remained logged someplace, or group and model accounts that aren’t tied to particular person customers.
One other risk is that the leaked information wasn’t completely obtained from Twitter itself however relatively scraped from a number of public sources and merged collectively, together with archived information from older leaks or info from third-party providers linked to Twitter accounts.
Who Is ThinkingOne, and How Did They Get the Information?
One of many largest mysteries is how ThinkingOne managed to acquire the 2025 leaked information within the first place. In contrast to typical hackers, they don’t seem to be recognized for breaching methods themselves however are extremely regarded for analyzing and deciphering leaked datasets. Whether or not they acquired the info from one other supply or performed some refined information aggregation remains to be unclear.
Their concept {that a} disgruntled worker leaked the info in the course of the layoffs stays unconfirmed, and there’s no concrete proof to assist it; it’s only a believable speculation given the timing and inside mess at X.
Why the Silence from X?
If the claims are true, this isn’t only a large information leak in measurement but additionally a blow to person privateness. Moreover, whether or not this was an inside job or not, customers are left with extra questions than solutions: How a lot of their information has been “taken”? Who’s behind the leak? And why hasn’t X stated something about it, even after ThinkingOne tried reaching out a number of occasions?
