Massive 400GB of X (Twitter) User Records Allegedly Leaked – 2.8 Billion Records Exposed Online

In what may be the largest social media breach in history, a staggering 400GB of data containing information on 2.873 billion Twitter (X) users was leaked in January 2025.

The breach, first allegedly reported by a data leak forum profile known as “ThinkingOne” on March 28, 2025, is believed to have been carried out by a disgruntled employee during a period of widespread layoffs at the company.

Despite attempts to alert X and the public, ThinkingOne claims there has been little acknowledgment of the breach, prompting them to share details online.

In a detailed leak post, ThinkingOne revealed that they merged the newly leaked data with records from a previous 2023 breach of 200 million Twitter users, which X had dismissed as publicly available information.

The resulting dataset, a single 34GB CSV file (9GB when compressed), contains 201,186,753 entries of users whose screen names appeared in both breaches. The file includes extensive user details such as email addresses, screen names, follower counts, account creation dates, and more.

“Here, I have taken the records from the 200M Twitter breach (which X claims is public data) and appended the data from the 2.8 billion breach. Only records with screennames present in both are included, so there are 201,186,753 total entries.”

From 2023 to 2025: A Data Evolution

The 2023 breach included basic user information, such as:

• Email: socialmedia@trumpnetwork.com
• Name: The Trump Network
• ScreenName: TrumpOnline
• Followers: 1,014
• Created At: 2009-05-21

The updated dataset from the 2025 breach expands this significantly, adding fields like user IDs, time zones, language preferences, and detailed activity metrics. For example, the updated entry for “TrumpOnline” now includes:

• ID: 41610628
• Screen Name: TrumpOnline
• Name: The Trump Network
• Location: Everywhere
• Description: People helping people to be their best.
• URL: http://www.trumpnetwork.com
• Email: socialmedia@trumpnetwork.com
• Time Zone: -18000
• Language: en
• Followers Count: 1,002
• Friends Count: 0
• Statuses Count: 194
• Last Status Created At: 2011-09-06T14:30:01Z

Similarly, an entry for “USAID” reflects updated follower counts (918,706 in 2025 vs. 843,274 in 2023) and additional metadata, underscoring the depth of the new leak.

We Cyber Press Discovery: 165 Files Found

Further investigation by We Cyber Press uncovered a trove of related files linked to the breach.

Among them were 165 files, including a “README.txt” dated January 25, 2025, at 5:48:07 PM (196 B), and multiple compressed CSV files dated January 24, 2025. Examples include:

• twitter_users_003.csv.xz – 372.6 MB (9:51:55 PM)
• twitter_users_010.csv.xz – 376.0 MB (10:14:54 PM)
• twitter_users_011.csv.xz – 370.9 MB (10:23:15 PM)
• twitter_users_014.csv.xz – 361.2 MB (10:30:57 PM)

These files, ranging in size from hundreds of megabytes each, suggest a structured and voluminous data dump, consistent with ThinkingOne’s description of the 400GB breach.

A Breach of Unprecedented Scale

ThinkingOne asserts the authenticity of the data, having analyzed it extensively. “I didn’t check every one of the 2.8 billion records,” they wrote, “but I’ve analyzed it many different ways… It’s legit.”

They speculate that the breach involved an extraordinary feat of enumerating 2.8 billion screen names or user IDs, though the exact method remains unclear. “It wasn’t done via brute force,” they added.

While some have underestimated Twitter’s user base at 600 million its reported Monthly Active Users (MAU) ThinkingOne clarified that the platform’s total registered accounts far exceed this figure, making the 2.8 billion figure plausible.

If accurate, this breach surpasses all previous social media incidents and could rank as the second-largest data breach ever, trailing only the National Public Data breach of 3.1 billion records.

The leaked data has reportedly surfaced online, with ThinkingOne providing potential download links, including a torrent and file-hosting services like gofile.io and qu.ax. However, access remains inconsistent, with some files possibly in “deep storage.”

The breach’s full impact is yet to be determined. If sensitive details like phone numbers or additional personal information were included—details ThinkingOne says are unconfirmed the consequences could be profound, amplifying risks of identity theft, phishing, and targeted attacks.

The online response has been swift. One user, “Asterix,” remarked, “ok yeah vro just posted the fucking largest breach in history (if this is real) history has been made??” Another, “ShoqapikDemoni,” expressed intent to investigate further. ThinkingOne emphasized the breach’s significance, noting, “If emails, phones, etc. were exfiltrated… [it would be] by far the most significant social media breach.”

As of now, X has not publicly commented on the alleged breach. With the circulating data and questions mounting, the incident could mark a pivotal moment in social media security and a wake-up call for users and platforms alike.

Find this Story Interesting! Follow us on LinkedIn, and X to Get More Instant Updates