200 Million User Records Exposed in Alarming X Data Breach

X, the platform previously known as Twitter, has found itself in the spotlight for unsettling reasons. With Elon Musk recently asserting that hackers are actively attempting to disrupt the platform, the latest incident raises significant concerns for its users.

A Major Leak Unveiled

Earlier this month, alarming reports surfaced regarding a substantial data breach involving X. A self-identified data enthusiast, known as “ThinkingOne,” claimed to have released a staggering database containing over 200 million user records on a widely used hacker forum. This leaked information encompasses a wealth of details, including usernames, email addresses, and nearly all other aspects associated with users’ X profiles.

The Origins of the Breach

The X data leak is believed to have originated from a combination of previous breaches, notably one that occurred in January 2025 and another in 2023. The leaked dataset amounts to a massive 34 GB CSV file containing 201,186,753 entries. This data includes X screen names, user IDs, full names, locations, email addresses from the 2023 breach, follower counts, profile data, time zones, and even profile images.

According to ThinkingOne, the data was cross-referenced from a larger breach involving approximately 2.8 billion unique Twitter IDs and screen names. Speculation suggests this breach may have been linked to insider activity during layoffs at X, although the company has not confirmed this assertion. Cybersecurity experts, including those from Safety Detectives, have partially verified the authenticity of the leaked data by matching samples with public X profiles and confirming some email addresses, though they have not fully validated ownership.

A Vulnerability Exposed

The breach appears to trace back to a vulnerability that was identified in January 2022 through X’s bug bounty program. This flaw enabled attackers to access user data using merely an email address or phone number. Although the vulnerability was subsequently patched, the compromised data has resurfaced in later leaks, illustrating ongoing security issues.

The Implications of the Breach

While the 2025 incident does not include passwords or financial information, the inclusion of email addresses from the 2023 leak poses a heightened risk for phishing and social engineering attacks. As of now, X has not officially acknowledged this specific breach, although it previously downplayed the 2023 incident, claiming it primarily involved public data.

The staggering total of 2.8 billion records significantly surpasses X’s estimated 335 to 600 million active users, hinting that the dataset might also include inactive accounts, bots, or historical data. The full scope and implications of this breach remain uncertain, yet it underscores the persistent security challenges faced by the platform, especially following its acquisition by xAI in late March 2025.

Essential Steps to Protect Yourself

If you have an account on X or believe your data may have been compromised in this breach, consider taking the following precautionary measures:

1. **Install Strong Antivirus Software**
The leak includes email addresses linked to X accounts, which can fuel phishing attacks. Make sure to have strong antivirus protection installed on all your devices to safeguard against malicious links that may install malware or steal personal data.

2. **Remove Personal Data from the Internet**
The exposed data contains full names and email addresses, enabling hackers to cross-reference this information with data broker sites. Consider using a trusted data removal service to continuously monitor and request the deletion of your personal information from various websites.

3. **Change Your X Account Password**
Although passwords were not included in this breach, there’s still a significant risk if you use the same password across multiple platforms. Update your X account password to a strong, unique one to enhance your security.

4. **Enhance Your X Profile Privacy Settings**
Adjust your privacy settings on X to limit the visibility of personal information. Minimizing publicly visible details makes it harder for cybercriminals to impersonate you or guess your login credentials.

5. **Enable Two-Factor Authentication (2FA)**
If hackers obtained your email from the breach, they may try to reset your password. Enabling 2FA adds an extra layer of security by requiring a second code, in addition to your password, to log in.

6. **Use a VPN on Public Wi-Fi**
Protect your data when accessing X or other platforms on public networks by using a VPN to encrypt your connection, safeguarding your information from potential interception.

7. **Sign Up for Identity Theft Protection**
With more than 200 million records exposed, identity theft protection can alert you if your information is being misused, and assist in freezing your accounts to prevent unauthorized access.

Conclusion: The Long Road to Data Security

The X data breach serves as a stark reminder that simply patching vulnerabilities is not enough to prevent data exposure. The persistence of leaked data, years after the original flaw was addressed, highlights the complex challenges associated with large-scale breaches. Even when passwords are not involved, the combination of identifiers like email addresses and names can be weaponized through various attacks.

Do you feel that companies are doing enough to protect your data from hackers and cyber threats? Share your thoughts with us at Cyberguy.com/Contact.
