Alert, a leak may well affect the social network X! A pirate claims to have got hold of the detailed information of 2.87 billion accounts. It could well be the largest data leak recorded by a social network.
X (ex-Twitter) is a real gold mine for pirates and businesses, the social network full of personal data and often very private information on its users. Telephone numbers, email addresses, sometimes compromising images and comments, political trends … all information that attracts lust. But the platform seems to have experienced a new data leak, and not least!
On BreachForums, a well -known site of cybercriminals, a pirate calling himself Thinkingone claims to have taken a directory of “400 GB of information” in January 2025. This database would include personal data of 2.87 billion users of X. It would be the fruit of an unhappy employee of the social network which would have stolen data during the massive layoff period. If the facts are proven, it would be the greatest data leak recorded by a social network, but surprisingly, or X, which has not confirmed the information or the general public seem to be aware.
Piracy X: The work of an old dissatisfied employee?
With ForbesThinkingone explains that he is not a hacker, but rather a “Data passionate”. He is not at the origin of the flight, which would rather be due to an employee dissatisfied with the wave of layoffs perpetrated by Elon Musk three years earlier. Indeed, after having bought Twitter, the billionaire had separated from a large part of the group’s wage bill, in order to reduce costs. He explains that he had tried several times to contact X to discuss this leak, but having received no answer and seeing that the general public was not aware of “The greatest violation of social media never committed”he decided to put everything online on Breachforums.
Among the data claimed by Thinkingone, we find:
- the date of creation of the account;
- user identifiers and screen names;
- profile descriptions;
- the profile URL;
- location parameters;
- time zone parameters;
- the display name since 2021;
- the number of followers from 2021 to 2025;
- the number of tweets;
- the horoditing of the last tweet;
- the number of friends;
- the number of lists appearances;
- the number of tweets put in favorites;
- the source of the last tweet (eg tweetdeck, x web app);
- profile status (verified, protected, etc.).
This leak does not seem to have disclosed particularly sensitive information about users of X. In fact, many of these accounts probably do not even belong to real users. According to estimates of the Statita analysis platform, the social network has around 400 million users worldwide. A large part of these billions of disclosed accounts would probably belong to bots, spammers or individuals who have disabled or deleted their own account. However, a number of real and active accounts are affected.
Piracy of X: particularly complete crossed databases
Where it gets complicated is that Thinkingone met this last leak with data belonging to 209 million users from a data violation of 2023. At the time, Elon Musk had tried to minimize the incident by saying that it was public data, but it was then revealed that it was a security flaw. And, unlike the leak of 2025, this database included user email addresses, which are generally not made public. The profiles obtained by this crossing, or some 201 million active users, are therefore very complete.
With e-mail addresses and combined metadata, cybercriminals could easily target X users with phishing emails, targeted scams, social engineering attacks and other scams of the same type. Thinkingone insists that it could well be “The greatest violation of social media of all time, in terms of number of users, and it is at least possible that the person responsible for the violation has other data, including emails, telephone numbers and passwords”.
Researchers of SAFETY DESTECTIVES were able to verify the authenticity of part of the data in the repertoire. They explain to have “examined the information corresponding to 100 users on the list, and we found that it corresponded to what was displayed on Twitter”and have “Verified a considerable number of emails, which have proven to be valid e-mail addresses”. X has not yet confirmed or even recognized this alleged flight.