A self-proclaimed data enthusiast calling themselves ‘ThinkingOne’ has made a huge database containing 201 million pieces of user data from X freely available. The data is said to have come from two previous leaks and includes email addresses, locations and profile data of users of the social media platform.
The 34 GB database contains information that, according to researchers at Safety Detectives, is authentic. The team has partially verified the data. It includes X screen names, user IDs, full names, locations, e-mail addresses, number of followers, profile information, time zones and profile photos.
Vulnerability in (what was then) Twitter was the root cause
The origin of the data breach goes back to January 2022, when Twitter discovered a vulnerability through its bug bounty program, Forbes reports. This vulnerability made it possible to collect user data simply by knowing someone’s email address or phone number.
In July 2022, Twitter confirmed that someone had exploited the vulnerability before it could be fixed. “After reviewing a sample of the data offered for sale, we confirmed that a malicious party had taken advantage of the problem before it was addressed,” Twitter stated at the time.
Combination of previous data leaks
ThinkingOne claims that the released database combines this previous hack with another data breach that, by his account, took place in January 2025. The cybersecurity team at Safety Detectives, which broke the story over the weekend, reports that ThinkingOne only included records of X users that appeared in both data sets.
The ‘data enthusiast’ reportedly attempted to contact X to inform them of the leak, but claims to have received no response. He then decided to make the data available for free via a well-known data breach forum. Only data that appears in both leaks (January 2022 and January 2025) has been released.
Potential risks for users
The leaked data poses a potential risk to X users. With the available information, malicious parties can carry out targeted phishing attacks, hijack accounts and possibly commit identity theft, especially since the dataset combines full names with email addresses and location data.
Although X has not yet officially responded to this incident, it is wise for users to change their passwords and enable two-factor authentication where possible. It is also advisable to be alert for suspicious emails that pretend to come from X or other services.