1️⃣ 200 million X user profiles were leaked, with some claiming up to 2.8 billion affected.
2️⃣ The breach exposed user IDs, display names, bio info, follower counts, but not email addresses.
3️⃣ Risks include phishing, scams, and social engineering.
4️⃣ Users should update privacy settings, watch for phishing, and report suspicious activity.
Listen to the article:
In the latest shock to X (formerly Twitter) users, a massive data leak has come to light, revealing the personal details of millions of users. This breach is now being described as one of the largest social media data leaks in history, with potentially 2.8 billion user profiles affected. Here’s a breakdown of what happened, what was leaked, and what you can do to protect yourself.
What Happened?
In 2022, Twitter discovered a vulnerability that allowed attackers to access user data using just an email address or phone number. By July of that year, cybercriminals had exploited this flaw, selling large volumes of user data. Time jump to January 2025, and a well-known figure on the Breach Forums, ThinkingOne, claims to have obtained and leaked a database containing 200 million X user profiles. The data includes details like user IDs, display names, bio descriptions, follower counts, and more—everything but email addresses.
How Did It Happen?
The leaked data is believed to have originated from a breach in 2023, which was thought to be a simple data scrape. However, a report from Safety Detectives suggested that ThinkingOne claims to have merged this information with new data from January 2025, resulting in a comprehensive file of 201 million user records. The combined dataset includes not only profile metadata but also historical data, including follower and tweet counts from previous years. Despite the claims of 2.8 billion affected users, many of these records could be from inactive, deleted, or bot accounts that are no longer in use.
What Was Leaked?
So, what exactly does this leak reveal about users?
- User IDs and screen names
- Profile details like descriptions, location, and URL
- Follow and tweet counts from 2021 and 2025
- Account creation dates and last tweet timestamps
- Status settings, including verification and protection statuses
Importantly, email addresses, which were part of the 2023 breach, were not included in the 2025 leak. However, this hasn’t stopped some from mistakenly thinking that the 2025 breach also included email info, as the merged dataset shows emails from the previous leak.
What Risks Are Involved?
The consequences of this data leak are significant. While emails weren’t part of the 2025 data, the exposed profile information opens users up to several types of risks:
- Phishing attacks: Cybercriminals can craft convincing emails or messages pretending to be from X, aiming to steal more sensitive information.
- Targeted scams: With detailed knowledge of a user’s activities, scammers could tailor fraud attempts to increase their chances of success.
- Social engineering: Hackers could use social manipulation tactics to deceive individuals into giving away personal information.
What You Can Do?
If you believe your data might have been part of this breach, here are a few steps you should take:
- Beware of phishing attempts. Don’t click on suspicious links or provide personal details to unknown sources.
- Update privacy settings on your social media profiles to limit what others can see.
- Report unusual activity on your X account if you notice anything suspicious.
Despite the scale of this leak, X has yet to make an official statement, raising concerns over the platform’s response to such a massive breach. With the data now freely available on public forums, it’s crucial for users to stay vigilant and take necessary precautions to protect their privacy.
Discover more from TECH HOTSPOT
Subscribe to get the latest posts sent to your email.