On April 2, FirstPost reported a potentially monumental data breach affecting the social media platform X, labeling it as possibly the “largest social media breach ever.”
According to the report, over 200 million user accounts may be compromised after sensitive information surfaced on a hacking forum. Safetydetective.com was the first outlet to uncover this incident, revealing that a 34GB file containing user data was available for download on a site known as BreachForums.
Additionally, Newsweek reported that this extensive dataset appears to amalgamate two prior data breaches: new metadata from a 2025 incident and email addresses obtained during a 2023 security lapse.
The file was uploaded by a user identified as ThinkingOne, claiming it contained information on approximately 201 million accounts. The uploader expressed concern that X and the broader public were not aware of this significant breach. Despite multiple attempts to alert the platform, they received no acknowledgment or response.
ThinkingOne shared their frustration with Newsweek:
“My goal here has just been to try to make sure that X is aware of the breach. I’m guessing by now they are, but it is frustrating when they won’t even confirm they are aware of an alleged breach.”
Upon investigating the exposed data, researchers from Safetydetective.com confirmed that much of the information was authentic and correlated with the original user identifiers. They stated:
“We reviewed the information corresponding to 100 users in the list, and we found that it matched what was shown on Twitter. We also verified a considerable amount of emails, which turned out to be valid email addresses, though we cannot confirm that the emails belong to the accounts listed.”
The researchers noted that the compromised data likely encompassed screen names, user IDs, full names, geographical locations, email addresses, follower counts, time zones, and profile images, among other details. This significant leak raises critical questions regarding the social media platform’s cybersecurity measures and internal protocols.
Possible Origins of the X Data Breach
Newsweek has suggested that the 34GB file might originate from a broader cache of user data, nearly 400GB in total. This data breach is suspected to have been orchestrated by a disgruntled employee, particularly during the recent mass layoffs that followed Elon Musk’s acquisition of the platform in 2022.
Moreover, it is likely that the leaked information includes accounts that have been deactivated, spam accounts, and API-generated profiles. This might explain the inconsistency between the number of accounts leaked and the current user tally, which is approximately 335 million.
This alarming revelation coincided with Elon Musk’s announcement on March 28 regarding the sale of the social media platform to his artificial intelligence company, xAI, for $45 billion. This sale slightly exceeds Musk’s initial purchase price of $44 million in 2022, as reported by CNN.