SafetyDetectives Cybersecurity Team
Updated on: April 2, 2025
SafetyDetectives’ Cybersecurity Team stumbled upon a clear web forum post where a threat actor published a .CSV file allegedly containing over 200 million records from X users.
What Is X?
Formerly known as Twitter, X is one of the world’s largest social media platforms where users can share messages, images, and videos in short posts. They can also like and repost other users’ content among other features.
In October 2022 the company was acquired by Elon Musk, who renamed it X.
Where Was The Data Found?
The data was found in a forum post available on the clear surface web. This well-known forum operates message boards dedicated to database downloads, leaks, cracks, and more.
What Was Leaked?
According to the author of the post, in January 2025, 400 GB of data on 2.8+ billion X users was leaked. The author claims that they decided to post the data after seeing “no sign that X or the general public is aware of the largest social media breach ever.” They also claim that they “tried contacting X via several methods with no response.”
Although the author of the post did not release all the data, they claim to have accessed all data entries from the January 2023 leak (which was believed to be a public data scrape) and to have cross-referenced them with the new data. The author claims to have included only records of X users present in both datasets. They then appended the new entries from the latest data to the old data, resulting in a 34 GB .CSV file containing 201,186,753 total entries of data allegedly belonging to X users.
According to the author of the post, before they merged the two data sets, the 2023 data contained:
- Name,
- Screen name,
- Email,
- Followers,
- Date of creation (of the account)
The headers on the new .CSV file are the following:
- ID,
- screen_name,
- name,
- location,
- description,
- url,
- Email,
- time zone,
- language,
- followers_count,
- friends_count,
- listed_count,
- favourites_count,
- statuses_count,
- protected,
- verified,
- default_profile,
- default_profile_image,
- last_status_created_at,
- last_status_source,
- created_at
SafetyDetectives’ Cybersecurity Team reviewed a sample of the data to assess its authenticity. We reviewed the information corresponding to 100 users in the list, and we found that it matched what was shown on Twitter. We also verified a considerable number of emails, which turned out to be valid email addresses, though we cannot confirm that the emails belong to the accounts listed.
The entire file consists of 1,048,576 rows, each one presumably containing multiple data points on one X user. The data was not behind a paywall, meaning that it was free for anyone with an account on the forum to download.
This is a screenshot of the response the author gives to a comment of another user, where he claims that the data is legitimate and that this could be “the largest social media breach”.
What Risks Does This Data Exposure Pose?
The purportedly leaked data presents a risk to the security and privacy of all users impacted by this breach. Each of them may be vulnerable to:
- Phishing attacks: Cybercriminals may use the leaked information to create convincing emails or messages that appear to be from X or other legitimate sources. These messages aim to trick individuals into providing more sensitive information or clicking on malicious links.
- Targeted scams: Armed with knowledge of the individual’s activity on X, scammers could potentially tailor their fraudulent schemes to appear more legitimate and increase their likelihood of success.
- Social engineering attacks: A social engineering attack occurs when a cybercriminal uses manipulation to deceive a target into revealing confidential information or performing actions that jeopardize security.
What to Do If You Believe Your Data Was Exposed
If you suspect that your personal information was compromised in this data leak, you can take these steps to protect yourself:
- Beware of Phishing Attempts: Be cautious of unsolicited emails, messages, or phone calls asking for personal information or payment details. Do not click on links or download attachments from unknown sources.
- Update Privacy Settings: Review and update the privacy settings on your social media accounts and other online platforms to limit the amount of personal information visible to the public.
- Beware of social engineering attacks: Understand social engineering risks, including phishing and scam attempts. Be cautious and verify the authenticity of any unexpected communication, particularly if it requests personal or financial data.
- Report any unusual events: Notify X of any fraudulent activity or suspicious communications related to this incident. Be wary of sharing information with unknown contacts or unverified sources.
What Are Clearweb Leaks and Why Should You Care?
Hackers utilize various parts of the internet to coordinate attacks, share information, and discuss data breaches. One of the most popular channels hackers use for these purposes is clearweb forums, which are online networks, available to anyone with an internet connection, that allow users to share information about breaches and leaks. These forums provide a sense of anonymity to their members, along with features like paywalling for those users who require payment to access the information they are sharing.
By reporting on these incidents, we aim to proactively inform potentially affected parties earlier so that they can act quickly to protect their data. Our disclosures are rooted in meticulous research and are intended solely for informational and preventive purposes. In no way should these reports be construed as allegations, insinuations, or indicators of fault or negligence by any individual or organization.