A massive data leak has surfaced, exposing information from 2.8 billion users of X. The leak was allegedly caused by a disgruntled employee during a period of layoffs at X, though no confirmation has come from the company. The data, which appeared on Breach Forums, includes details like user IDs, profile descriptions, follower counts, and tweet history, but notably lacks email addresses. The incident has been compared to a 2023 breach that exposed email addresses and other public data, though the 2025 leak contains more in-depth user metadata.
The leaked data provides a detailed snapshot of users’ profiles, including creation dates, follower and friend counts, bios, and more.
Unlike the 2023 breach, this leak doesn’t include sensitive information like emails, though it does contain years of user activity. The breach was later merged with the 2023 breach, creating confusion about the presence of email addresses. The merged file includes 201 million entries, but only those that appeared in both breaches, leading to a misunderstanding about the scope of the 2025 leak.
Despite claims that the 2025 leak involves 2.8 billion users, this figure doesn’t align with the number of active users on X. Possible explanations for this discrepancy include data from inactive or deleted accounts, bot accounts, and historical records being merged into the dataset. Another possibility is that the data was scraped from public sources or obtained through third-party services rather than coming directly from X itself.
The presence of non-user entities like API accounts further complicates the situation.
The identity of ThinkingOne, the individual who posted the leak, remains mysterious. Known for analyzing data leaks, ThinkingOne has not revealed how they acquired the data. Their theory of an insider leak during layoffs is plausible but unconfirmed, and X has remained silent despite multiple attempts to contact them. The lack of response from the company has left many questions unanswered, especially regarding the extent of the breach and the security of user data.
Reference:
