A major data breach reportedly hit the social media platform X (formerly Twitter) over the weekend, potentially affecting up to 2.8 billion user accounts—making it one of the most significant leaks in social media history.

What Happened?

The cybersecurity team at SafetyDetectives uncovered a post on the hacker forum BreachForums, where a user shared details of the breach. The post included a 34GB CSV file allegedly containing data from around 201 million X users.

According to researchers, the leaked data includes:

Alleged Insider Involvement

The forum post claims the breach occurred in January 2025, and the leak may have been the work of a disgruntled employee from within X. The individual behind the post also mentioned they had notified X, but had received no response from the platform.

Notably, there's no official confirmation from X at this time, and the company has not publicly acknowledged the incident.

Connections to Past Breaches

This isn't the first time user data from X has been compromised. In 2023, a separate breach exposed the personal data of approximately 209 million users, primarily email addresses. The latest breach reportedly cross-references that earlier dataset, compiling a more comprehensive record of users affected in both incidents.

While X did address the 2023 breach, it downplayed its severity, claiming the data was already publicly accessible. It remains to be seen how—or if—the company will respond to the 2025 breach allegations.

A Breach Amid Ownership Changes

The timing is particularly notable as xAI, Elon Musk's artificial intelligence company, officially acquired X on Friday. This breach, if confirmed, could pose serious challenges to the new management, especially around data security and user trust.

What Users Should Do

Until X issues a statement, users are advised to: