Diving into the X Data Breach: Over 200 Million User Records Exposed


(Updated 4/10/25)

Key Takeaways

  • Massive Data Leak: A hacker known as "ThinkingOne" released over 200 million X user records, including personal details like names, email addresses, screen names, and profile images.
  • Source of the Breach: The data comes from a combination of breaches dating back to 2023 and January 2025, with connections to a larger breach involving 2.8 billion Twitter IDs and screen names.
  • Vulnerability History: The breach traces back to a security flaw identified in 2022, which allowed unauthorized access to user data via email addresses or phone numbers.
  • Increased Risk of Phishing: The leak significantly heightens the risk of phishing and social engineering attacks, especially with the exposure of email addresses.

Deep Dive

X, the social media platform formerly known as Twitter, has always been a breeding ground for debates, discussions, and, lately, a fair amount of drama. Elon Musk, ever the spokesperson for the platform, recently warned about hackers trying to infiltrate the site. But it’s one thing to worry about abstract threats and quite another to find out that your personal data might be at risk because of a real and massive breach.

Earlier this month, a security researcher and data analyst known as "ThinkingOne" made waves on a popular hacker forum by releasing a jaw-dropping dataset of over 200 million X user records. This isn't just some minor data leak; this is the kind of breach that puts a lot of people in a vulnerable position. Names, email addresses, user IDs, profile images, and a whole lot more were apparently up for grabs, all because of several security lapses over the past couple of years.

To put it simply, this leak is bad news. The database in question is a whopping 34 GB CSV file, and it includes more than 200 million entries. Think of it as a massive dump of personal info: X usernames, full names, email addresses (from as far back as 2023), time zones, profile data, follower counts—everything except passwords and financial information. While that might seem like good news at first glance, it’s not. Phishing and social engineering scams are about to get a lot more sophisticated, and this leak makes those threats feel a lot more personal.

It looks like this breach isn't just about one security slip-up either. The dataset appears to be a mix of several breaches, with one allegedly going back to 2023 and another as recent as January 2025. These weren't just random breaches; they seem to tie into a much bigger issue involving around 2.8 billion Twitter IDs and screen names, which were allegedly leaked after an internal incident at X. While X hasn’t verified this claim, it’s certainly not out of the realm of possibility.

How Did This Happen?

The story behind the leak involves a bug that was initially identified in January 2022 through Twitter's bug bounty program. This vulnerability allowed attackers to exploit the platform by gaining access to user data using nothing more than an email address or phone number. It was fixed, at least in theory, but the damage seems to have been done. The data from this breach didn’t just disappear—it resurfaced in a much bigger leak, now adding fuel to the fire.

ThinkingOne, a security researcher and data analyst, claims that the data was cross-referenced with the 2.8 billion unique records from an even larger breach, possibly linked to an insider job during layoffs at X. While that’s still a claim without official confirmation from the company, cybersecurity researchers have been able to verify a portion of the leaked data by matching it with publicly accessible X profiles and validating some of the email addresses. So, while the full picture isn’t yet clear, it’s looking pretty grim.

This breach doesn’t include passwords or financial data (at least not from the 2025 leak). But what it does contain is plenty of information for malicious actors to exploit. Email addresses, names, and other profile data are a goldmine for cybercriminals. When combined with the 2023 breach (which did include email addresses), the risk of phishing attacks and social engineering just skyrocketed.

Now, here’s where things get even more unsettling. X, to date, hasn’t officially acknowledged this specific breach. While the company previously downplayed the 2023 incident by claiming it only involved "mostly public data," the reality is that exposed email addresses and personal info are a serious risk to users. So, if you’re a regular X user, you’re going to need to keep a much closer eye on your inbox and be cautious about unsolicited messages or login attempts.

How Bad Is It Really?

Here’s where things get a little tricky. The 2.8 billion records connected to X's 2023 breach are way more than the number of active users on the platform, which is estimated to be somewhere between 335 million and 600 million. This suggests the data might include more than just active accounts—it could be old, inactive accounts or even bot profiles. While the full scope of the breach is still unclear, it’s clear that X is dealing with a massive amount of exposed data. And let’s not forget that this comes on the heels of the March 2025 acquisition of X by xAI, which has raised additional questions about the platform’s security and its ability to safeguard user data moving forward.

For X’s users, this breach is a big red flag. Sure, we’ve heard about data leaks before, but the sheer scale and scope of this one make it something to pay attention to. We’re talking about over 200 million records with sensitive information, potentially spanning back years. That’s a lot of data in the wrong hands.

But what can you do about it? First off, it’s crucial to be aware that the risk of phishing and social engineering attacks is higher than ever. If you receive any unsolicited messages or emails asking for your personal information, be extremely cautious. It might be a good idea to change your password on X and any other platform where you use similar credentials, just to be safe.

For X as a platform, it’s time to have a serious conversation about security. The fact that these vulnerabilities kept popping up, with data resurfacing even after being supposedly patched, points to a need for more robust protections, especially as the platform continues to grow under new ownership.
