A massive data leak has exposed sensitive user records from X, formerly known as Twitter, affecting over 200 million users, according to cybersecurity researchers at Safety Detectives. The breach, which surfaced on a known clear web forum, reportedly includes 201 million individual entries of user data in a 34GB CSV file.
Leaked Data Claims and Background
The breach was first flagged by a threat actor who alleges that the leak stems from a combination of previously scraped public data and newly acquired records, dating back to January 2025. Claiming frustration over a lack of response from X, the actor said they had attempted to notify the platform but received no reply.
In total, the leaked dataset is said to comprise more than 2.8 billion user records across a 400GB file, with the 201 million user entries forming part of that larger claim. Safety Detectives reported that a sample analysis of 100 records revealed accurate details matching public Twitter profiles, though it remains unconfirmed whether all corresponding email addresses are owned by the listed accounts.
Potential Security Risks for Users
Experts warn that the exposed data could have wide-reaching consequences for affected users. The most immediate risks include:
-
Phishing Attacks: Cybercriminals could use verified email addresses and public profile data to craft convincing fraudulent messages.
-
Targeted Scams: User-specific information could enable more believable scams tailored to individual interests or activity.
-
Social Engineering: The dataset may be used to deceive users or contacts into disclosing confidential information.
Recommendations for Affected Users
Safety Detectives recommends that individuals concerned about their exposure take the following steps:
-
Be cautious of unsolicited messages or links.
-
Review and tighten privacy settings on social media platforms.
-
Stay alert to social engineering attempts.
-
Report suspicious activity or phishing attempts to X’s security team.
Also read: CSCRF Mandates SOC, Data Localization for Financial Firms
Cybersecurity Landscape and Industry Response
The leak’s discovery on a public web forum underscores the evolving role such platforms play in the cybersecurity ecosystem—serving both as marketplaces for stolen data and warning grounds for cybersecurity professionals.
While X has yet to issue an official response to the report, the incident could reignite concerns over how the platform handles user data security and breach notifications.
Safety Detectives emphasized that their disclosure is intended to promote awareness and risk mitigation and does not assign blame or suggest legal liability on the part of any organization.
