In January 2025, a massive leak exposed personal data linked to over 2.8 billion users of X, formerly known as Twitter. A 34GB sample of this stolen data surfaced on BreachForum, a well-known hacking board accessible from the public web.
This 34GB .CSV file includes over 201 million user records. The uploader claims they compiled this dataset by combining entries from the 2023 and 2025 leaks. Only user data found in both breaches appears in the final collection.
What the Data Stolen from X Includes
The leaked data is highly detailed. It contains usernames, email addresses, account creation dates, and follower statistics. Moreover, the 2025 breach added even more personal fields, including:
- Name and screen name
- Location and account description
- Email address
- Language and time zone
- Profile stats such as followers, likes, and statuses
- Account verification and protection status
- Metadata on recent activity
Although the dataset does not contain passwords, it holds enough information to enable phishing attacks and identity theft. Cybersecurity researchers at SafetyDetectives reviewed a sample of 100 records. Their analysis confirmed that the data matched real account details and validated many email addresses.
Insider Threats Suspected
The data’s origin remains unclear. However, the person behind the leak claimed they tried contacting X with no response. Frustrated, they chose to make the breach public, saying the company showed no awareness of the situation.
Interestingly, the author speculated that a disgruntled employee may have leaked the data during the recent wave of layoffs at X. This theory echoes a 2023 event, when an ex-employee reportedly published X’s source code on GitHub after being dismissed.
A Pattern of Security Failures
X has experienced multiple data incidents in recent years. The latest breach follows a major leak in 2024 known as the “Mother of All Breaches,” which exposed 281 million Twitter user records. That earlier breach and this new one raise serious concerns about the company’s internal data security.
These repeated failures suggest structural weaknesses that attackers continue to exploit. In today’s digital landscape, such lapses carry major consequences for both businesses and users.
What VPN Group Recommends
Users affected by this breach must act quickly. First, avoid clicking on suspicious emails or links, as attackers may use this data for phishing. Second, consider switching to secure communication channels, especially those using encryption. Third, enable two-factor authentication on all linked services.
Finally, using a trusted VPN will add a layer of security. A VPN hides your IP address and encrypts your internet traffic, reducing the risk of tracking and data exposure.
