Recent reports indicate that X (formerly Twitter) has experienced a significant data breach, potentially involving the profiles of approximately 2.87 billion users. This incident, if confirmed, would represent one of the largest data exposures in social media history.
The breach reportedly encompasses around 400GB of data, including user IDs, screen names, profile descriptions, location settings, follower counts, and tweet timestamps. Notably, sensitive information such as email addresses and phone numbers are not included in the leaked dataset.
A user known as ThinkingOne on Breach Forums alleges that the data was exfiltrated by a disgruntled X employee during mass layoffs following Elon Musk’s acquisition of the company in 2022. This claim suggests potential insider involvement in the breach.  
As of now, X has not publicly acknowledged the breach. This lack of response has raised concerns among users regarding the security of their personal information and the company’s transparency. Cybersecurity experts emphasise the need for vigilance, advising users to monitor their accounts for unusual activity.
Some experts have expressed scepticism about the legitimacy of the breach, questioning the plausibility of 2.87 billion user records being compromised, especially given that X’s active user base is reportedly around 540 million as of January 2025. This discrepancy suggests the dataset may include inactive, duplicate, or bot accounts. 
While the alleged data breach at X raises significant concerns, the company’s silence and the questions surrounding the data’s authenticity leave many uncertainties. Users are advised to stay informed through official channels and take proactive measures to secure their accounts.
Thanks AK for the heads up and links to this emerging issue.
