The cybersecurity world has been rocked by yet another major data leak. This time affecting over 200 million users of X (formerly known as Twitter).
The alleged breach, discovered by SafetyDetectives’ Cybersecurity Team, involves a publicly accessible .CSV file containing sensitive user data.
A threat actor recently posted a forum message on the clear web, claiming to have uploaded a 34GB .CSV file with data allegedly linked to X users.
According to reports, the leaked dataset was compiled by cross-referencing information from previous breaches, including the January 2023 Twitter scrape, and appending new user records. The resulting database contains over 201 million unique records.
What Was Leaked?
The leaked dataset is reported to contain multiple sensitive data points, including:
- User ID
- Screen name and full name
- Location
- Bio/description
- Profile URL
- Email address
- Time zone and language preferences
- Follower and following counts
- Account verification status
- Account creation date
- Last status update information
While no passwords were included in the leak, the presence of valid email addresses tied to real accounts presents a significant security threat.
Where Was the Data Found?
Unlike many breaches that surface on the dark web, this dataset was openly shared on a popular forum known for hosting leaked databases.
It was available for free download to anyone with a registered account, increasing the risk of widespread exploitation.
Even though passwords were not exposed, the breach still poses serious security threats, including:
- Phishing Attacks: Cybercriminals can craft convincing emails impersonating X or other legitimate services to steal login credentials or financial data.
- Targeted Scams: With access to email addresses and profile details, scammers can tailor their attacks to appear more credible and deceive users into clicking malicious links.
- Social Engineering Attacks: Attackers could manipulate users into revealing personal information, further compromising their security.
How to Protect Yourself from a Data Breach?
If you suspect your information may be part of this breach, consider taking the following steps:
- Enable Two-Factor Authentication (2FA): This adds an extra layer of security to your X account and makes unauthorized access more difficult.
- Be Wary of Phishing Attempts: Do not click on suspicious links or provide personal information in response to unexpected messages.
- Update Your Security Settings: Review your X privacy settings and limit the amount of personal information that is publicly visible.
- Monitor Account Activity: Keep an eye on your X account for any unusual login attempts or unauthorized actions.
- Use Unique Passwords: While passwords were not included in this leak, it’s always a good idea to use strong, unique passwords for each platform.
- Report Suspicious Activity: If you receive phishing emails or messages claiming to be from X, report them to the platform immediately.
This breach reignites the debate over whether social media platforms are taking adequate steps to protect user data.
Elon Musk’s acquisition of Twitter (now X) in October 2022 brought several structural changes to the company, but questions remain about its security measures.
With such a vast dataset allegedly leaked, users and cybersecurity experts alike are calling for more transparency and stricter safeguards.
While X has not officially confirmed the authenticity of this leak, users must take proactive steps to safeguard their accounts.
Cybercriminals thrive on exposed data, so staying vigilant, updating security settings, and adopting best practices in online safety are essential to mitigating potential risks.
