Elon Musk’s social media platform, X, has once again made headlines—for all the wrong reasons. Following reports of xAI’s $33B purchase of X, claims of bad actors being behind platform outages, and X password scams targeting users, another concerning development has emerged.
A data enthusiast called ThinkingOne has released a database allegedly containing details of around 200 million X user records. Here’s what we know so far.
X Vulnerability Exploited to Access User Data
The origins of this breach date back to January 2022, when Twitter, as it was then known, identified a vulnerability through its bug bounty program. This flaw allowed malicious actors to retrieve user data using only an email address or phone number.
By July 2022, Twitter confirmed that bad actors had exploited the vulnerability before it was patched and were selling the acquired data. “After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed,” Twitter said at the time.
Now, this security lapse has resurfaced, potentially impacting X users once again. ThinkingOne claimed that the 2025 data leak of 2.87 billion X user records was caused by a disgruntled employee during mass layoffs. The leaked dataset reportedly includes metadata such as account creation dates, user IDs, screen names, and follower counts, but no email addresses.
Purportedly frustrated by X’s lack of response, ThinkingOne merged this dataset with an earlier 2023 breach, creating confusion about its contents.
Leaked Data Released for Free
ThinkingOne shared their findings on a well-known data breach forum. They said there was “no sign that X or the general public is aware of the largest social media breach ever.” They also claim to have “tried contacting X via several methods with no response,” and as a result, released the data for free.
According to the cybersecurity team at Safety Detectives, which first reported the leak, ThinkingOne claims they “only have included records of X users present in both datasets.” The result is a 34 GB CSV file containing 201,186,753 data entries.
Safety Detectives analyzed a sample of the dataset for authenticity. “We reviewed the information corresponding to 100 users in the list, and we found that it matched what was shown on Twitter. We also verified a considerable amount of emails, which turned out to be valid email addresses, though we cannot confirm that the emails belong to the accounts listed.”
The file reportedly consists of 1,048,576 rows, each containing multiple data points on an X user. Since the data was freely available on the forum, anyone with an account could download it.
Potential Risks from the Data Exposure
The exposure of this data puts the security and privacy of affected users at risk in several ways.
- Phishing Attacks: Malefactors can use leaked data to fashion realistic-looking emails or messages that appear to be from X or other trusted entities, fooling users into divulging sensitive information or clicking malicious links.
- Targeted Scams: Scammers can leverage their knowledge of a user’s activity on X to tailor their fraudulent activities to appear more credible.
- Social Engineering Attacks: Threat actors can manipulate targets into revealing confidential information or performing actions that compromise their security.
How to Protect Yourself
If you believe your information may have been included in the breach, consider taking the following steps to safeguard your security:
- Beware of Phishing Attempts: Be skeptical of unsolicited emails, messages, or calls requesting personal or payment information, and never click on links or download attachments from unknown sources.
- Update Privacy Settings: Review and adjust privacy settings on all social media accounts and other online platforms to limit public access to your personal information.
- Review Account Permissions: Review account permissions and never give any app access to any permission it shouldn’t need to run effectively.
- Be Aware of Social Engineering : Educate yourself about phishing and scam tactics. Always verify the authenticity of unexpected communications before responding.
- Report Suspicious Activity: Inform X of any fraudulent behavior or suspicious messages related to this breach. Avoid sharing information with unknown or unverified contacts.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.