SafetyDetectives’ Cybersecurity Team stumbled upon a clear web forum post where a threat actor published a .CSV file allegedly containing over 200 million records from X users.

What Is X?

Formerly known as Twitter, X is one of the world’s largest social media platforms where users can share messages, images, and videos in short posts. They can also like and repost other users’ content among other features.

In October 2022 the company was acquired by Elon Musk, who renamed it X.

Where Was The Data Found?

The data was found in a forum post available on the clear surface web. This well-known forum operates message boards dedicated to database downloads, leaks, cracks, and more.

What Was Leaked?

According to the author of the post, in January 2025, 400 GB of data on 2.8+ billion X’s users was leaked. The author claims that they decided to post the data after seeing “no sign that X or the general public is aware of the largest social media breach ever.” They also claim that they “tried contacting X via several methods with no response.”

Although the author of the post didn’t publish the whole trove of data, they claim to have taken the data leaked in January 2023 — which apparently was a scrape of publicly available data — “and appended the data from the 2.8 billion breach. Only records with screennames present in both are included, so there are 201,186,753 total entries.”

This means that the author allegedly cross-referenced both databases and merged the data of the 2025 leak with the 2023 leak, adding information such as emails and stats. The end result is a 34 GB .CSV file containing 201,186,753 total entries of data allegedly belonging to X’s users.

The headers on the .CSV file are the following:

  • ID,
  • screen_name,
  • name,
  • location,
  • description,
  • url,
  • Email,
  • time zone,
  • language,
  • followers_count,
  • friends_count,
  • listed_count,
  • favourites_count,
  • statuses_count,
  • protected,
  • verified,
  • default_profile,
  • default_profile_image,
  • last_status_created_at,
  • last_status_source,
  • created_at

Safety Detectives’ Cybersecurity Team reviewed a sample of the data to assess its authenticity. We reviewed the information corresponding to 100 users in the list, and we found that it matched what was shown on Twitter. We also verified a considerable amount of emails, which turned out to be valid email addresses, though we cannot confirm that the emails belong to the accounts listed.

The entire file consists of 1,048,576 rows, each one presumably containing multiple data points on one X user. The data was not behind a paywall meaning that it was free to anyone with an account in the forum to download.

This is a screenshot of the original post.

This is a screenshot of the response the author gives to a comment of another user, where he claims that the data is legitimate and that this could be “the largest social media breach”.

What Risks Does This Data Exposure Pose?

The purportedly leaked data presents a risk to the security and privacy of all users impacted by this breach. Each of them may be vulnerable to:

  • Phishing attacks: Cybercriminals may use the leaked information to create convincing emails or messages that appear to be from X or other legitimate sources. These messages aim to trick individuals into providing more sensitive information or clicking on malicious links.
  • Targeted scams: Armed with knowledge of the individual’s activity on X, scammers could potentially tailor their fraudulent schemes to appear more legitimate and increase their likelihood of success.
  • Social engineering attacks: A social engineering attack occurs when a cybercriminal uses manipulation to deceive a target into revealing confidential information or performing actions that jeopardize security.

What to Do If You Believe Your Data Was Exposed

If you suspect that your personal information was compromised in this data leak, you can take these steps to protect yourself:

  1. Beware of Phishing Attempts: Be cautious of unsolicited emails, messages, or phone calls asking for personal information or payment details. Do not click on links or download attachments from unknown sources.
  2. Update Privacy Settings: Review and update the privacy settings on your social media accounts and other online platforms to limit the amount of personal information visible to the public.
  3. Beware of social engineering attacks: Understand social engineering risks, including phishing and scam attempts. Be cautious and verify the authenticity of any unexpected communication, particularly if it requests personal or financial data.
  4. Report any unusual events: Notify X of any fraudulent activity or suspicious communications related to this incident. Be wary of sharing information with unknown contacts or unverified sources.

Data breaches can have serious consequences. Staying alert and informed about cybersecurity practices is crucial to reducing risks. Following recommendations from experts can strengthen defenses against potential threats and enhance personal protection.