HQ/EMEAFind out how we can help your business
In what could become the largest data breach in social media history, a staggering 400GB of user data from Twitter (X) has allegedly been leaked, affecting over 2.8 billion accounts. The breach, which surfaced in late March 2025, was first reported by a user named “ThinkingOne” on BreachForums, claiming to have uncovered the data after months of investigation.
According to the details shared, the data breach appears to have originated during a period of significant layoffs at the social media giant, possibly from a “disgruntled employee” with access to sensitive company data. Despite numerous attempts to notify both Twitter and the public, ThinkingOne’s efforts to raise awareness have gone unacknowledged, leading to the decision to share the data breach findings publicly.
The leaked information includes a 34GB CSV file featuring data from 201,186,753 user accounts, which were extracted from two separate breaches — one occurring in 2023 and the other in January 2025. The latter data breach appears to be a significant escalation, containing additional personal details such as user IDs, time zone preferences, account activity, and even user descriptions. In fact, the data breach revealed the extent of the leak, covering not just basic identifiers like email addresses and screen names but also granular account data such as follower counts, post histories, and more.
In a breakdown of the findings, the leaked file includes entries from users like “TrumpOnline” and “USAID,” where previously available information such as email and screen names has now been expanded to include location details, account creation times, and status updates. One example shows how the follower count for “USAID” increased from 843,274 in the 2023 breach to 918,706 in the 2025 leak.
Further analysis uncovered related files associated with the data breach, including 165 individual documents, each containing massive amounts of data. These files, some reaching over 300MB each, point to a well-organised data dump that supports ThinkingOne’s claims of a 400GB leak.
ThinkingOne, who has examined the records extensively, asserts that the data breach is genuine despite not checking every single record.
They speculate that the scale of the breach could be due to an innovative process that enumerated billions of accounts without resorting to brute-force attacks. The user further points out that Twitter’s total registered accounts exceed the platform’s reported monthly active users, making the 2.8 billion figure plausible.
The breach’s potential impact is enormous. If additional sensitive data, such as phone numbers, were included in the data breach, the risks of identity theft, phishing, and other targeted cyberattacks would multiply. Though no official confirmation has been made regarding the full contents of the exposed data, the security community has already begun to sound alarms.
Despite the growing request for a response, Twitter has yet to make any public statements regarding the breach. The circulating data, now available through torrent links and file-hosting services, continues to raise questions about the company’s security practices and its response to this data breach.
As this incident unfolds, the tech community and users alike are closely monitoring the situation, with many fearing that this could be just the beginning of larger data breach events in the future.
