The breach was first reported on March 28, 2025, by a user known as “ThinkingOne” on the infamous Breach Forums, who claims the data was stolen by a disgruntled employee during a period of mass layoffs at the company. A massive data leak, potentially the largest social media breach ever, reportedly exposes 400GB of data from roughly 2.87 billion Twitter (X) user accounts. While the 2023 breach contained email addresses, the 2025 leak notably lacks this sensitive information. For X users, the exposure of detailed profile information increases the risks of targeted phishing attacks and identity impersonation, even without email addresses being directly compromised in the latest leak. The breach files appear to be structured in a standardized CSV format, similar to how data could be extracted using API tools like Tweepy. Further investigation by Cyber Press uncovered 165 related files, including multiple compressed CSV files dated January 24, 2025, with sizes ranging from 361MB to 376MB each. If authentic, this incident would represent the second-largest data breach in history, surpassed only by the National Public Data breach of 3.1 billion records. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. “I tried contacting X via several methods with no response,” stated ThinkingOne, explaining their decision to publicly release the information after claiming the company ignored their warnings. According to their investigation, the information appears legitimate, though they could not confirm if all email addresses belong to the associated accounts. A high-severity security vulnerability (CVE-2025-1449) affecting its Verve Asset Manager product could allow attackers with administrative access to execute arbitrary commands.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Apr 2025 14:50:03 +0000