Hacker claims over 200 million X users data leaked: Report

A hacker asserts that they have made public a database with information on approximately 200 million X (previously called Twitter) users. As reported by Safetydetective.com, which initially unveiled the story, researchers found a post on the hacking forum “BreachForums” from a user identified as ThinkingOne. The post allegedly included a 34 GB downloadable file containing more than 201 million entries of data concerning X users.

The hacker mentioned in the post asserted that the information was released after discovering that neither X nor the public knew about “the biggest social media breach ever.” ThinkingOne also stated that they had “attempted to reach out to X through various ways without any reply.”

Investigators from Safetydetective.com reported that they have confirmed the authenticity of the leaked information, which contains X screen names and user IDs, full names, locations, email addresses, follower counts, profile information, time zones, profile pictures, and additional details.

“We reviewed the information corresponding to 100 users in the list, and we found that it matched what was shown on Twitter. We also verified a considerable amount of emails, which turned out to be valid email addresses, though we cannot confirm that the emails belong to the accounts listed,” they said.

“This is by far the largest social media breach ever, in terms of a number of users, and there is at least a possibility that the person responsible for the breach has other data, including emails, phone numbers and passwords,” ThinkingOne claimed.

Although the precise source of the data breach is unknown, ThinkingOne asserts that they obtained X data exposed in January 2022 and incorporated it into an additional breach, which they allege was revealed in January 2025.

“The dataset leaked in January 2025 included over 2.8 billion unique Twitter IDs and screennames,” ThinkingOne told Forbes, “I checked a representative sample of 100 and 92 had the correct user ID and screenname.’

The hacker added: “How could someone enumerate all Twitter user IDs, unless they were an employee or this was a very serious hacking job?”

X has yet to respond to the data breach claims.