Hacker Claims To Have Leaked 200 Million X User Data Records—For Free
X, the social media platform formerly known as Twitter, has been hit with yet another major data breach. A self-proclaimed "data enthusiast" named ThinkingOne claims to have leaked a staggering 200 million user records from the platform, making it one of the largest social media breaches in history.
The breach is believed to have occurred when an attacker exploited a vulnerability discovered through Twitter's bug bounty program in January 2022. The issue allowed an individual to access data related to platform users by knowing only their email address or phone number. By July of that year, it was revealed that someone had already taken advantage of the vulnerability and was selling a large amount of user data on the dark web.
Fast forward to January 2025, when ThinkingOne announced that they had accessed the same dataset and added it to their own breach. According to a posting on a well-known data breach forum, they decided to give the data away for free after attempting to contact X (the platform's new owner) without receiving a response.
The resulting dataset, which spans 34 GB and contains 201 million entries, is believed to include sensitive information such as:
- X screen name and user IDs
- Full names
- Locations
- Email addresses
- Follower counts
- Profile data
- Time zones
- Profile images
- And more
ThinkingOne, who describes themselves as a "data enthusiast" rather than a hacker, claims that they only included records of X users present in both datasets. When questioned about how they managed to enumerate all Twitter user IDs, ThinkingOne noted that it was either the work of an employee or a highly sophisticated hacking job.
According to ThinkingOne, the dataset leaked in January 2025 includes over 2.8 billion unique Twitter IDs and screennames, with a representative sample of 100 checking out correctly 92 times. This raises significant concerns about the security of X's user data and the potential for further breaches.
The Safety Detectives cybersecurity team, which broke the story, verified the authenticity of the dataset in part and warned that there is at least a possibility that the person responsible for the breach has other data including emails, phone numbers, and passwords.
As this story continues to unfold, we will provide updates on any new developments. We have reached out to X for a statement, but as of now, the platform has not commented publicly on the breach.