Hackers on the illicit marketplace Breach Forums have disseminated a massive dataset allegedly containing 2.9 billion Twitter (X) user records. Although most of the data in a “leak” is public, cybercriminals can still find many uses for it.
A threat actor hiding under the moniker ThinkingOne claims it obtained a massive new leak, the “largest social media breach ever.”
The hacker posted a massive 400GB dataset containing 2.873 billion Twitter (X) user records, which was allegedly leaked in January 2025.
According to the post, the data is “almost certainly taken by a disgruntled employee while many employees were being laid off.”
The Cybernews research team has discovered that this data was first originally posted by another user “ebiuprsy” and it doesn’t contain emails or other private information.
The new dataset combines an old leak from 2023, when threat actors exposed over 200 million Twitter user emails, with new data that is primarily public.
The Cybernews research team notes that almost all appended data fields are publicly available on X profiles. The data contains historical username changes and follower statistics from 2021, which suggest that the dataset may have been compiled over time through scraping.
The allegedly leaked data contains the following fields:
- User Info: ID, screen name, current and past (2021) name.
- Profile Details: Location, bio/description, profile URL.
- Account Settings: account creation date, time zone, language, protected status, verified status, default profile/image status.
- Activity Stats: Followers, friends, listed, favorites, statuses (current and 2021), last post timestamp, and source.
“If there was truly a disgruntled employee, they could have access to private messages (DMs), IP logs, internal tools or any other sensitive information, but none of that is included in this case,” Aras Nazarovas, an information security researcher at Cybernews, said.
Nazarovas notes that the leaked 2.8 billion records were likely obtained in 2022, according to the readme.txt file published with the data.
“What ThinkingOne did was combine a leak from ‘ebiuprsy’ together with the 2023 data of 200 million users with email addresses that’s been widely disseminated and covered years ago,” Nazarovas explains. “They just analyzed the data and reposted it. There are no passwords or other nonpublic data that wasn’t leaked previously.”
It is estimated that X has over 500 million monthly active users. However, hackers claim to have leaked data on almost 2.9 billion users. The discrepancy could be explained by bot accounts, deleted profiles, and other accounts not tied to individual users.
For now, there is no evidence that any X systems were compromised.
While scraping public data is not catastrophic, it is still a privacy concern. Combining the data with previously leaked emails potentially allows for deeper profiling of X users.
X users affected by the previous Twitter leak should stay alert for phishing attempts and consider updating their credentials if they haven’t done so since the 2023 breach.
Your email address will not be published. Required fields are markedmarked