This isn't an advertisement for Blue Sky. This is some serious sh*t that needs more news coverage. And Twitter is owned by the same guy who's been given access to all of our data.
Elon Musk’s social media platform, X, is no stranger to the news. What with the reported purchase of X by xAI for $33 billion, attackers claiming responsibility for platform outages, and X password scams targeting users. Now, another shock awaits the users of what used to be Twitter: a self-proclaimed data enthusiast has just given away what is claimed to be a database containing details of some 200 million X user records. Here’s what we know so far.The story started in January 2022, when Twitter, as it was then, learned of a vulnerability through its bug bounty program that could enable an attacker to access data relating to platform users just by knowing an email address or telephone number. By July of that year, Twitter found that someone had exploited the vulnerability before it could be fixed and was selling a large amount of user data that had been collected in this way. “After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed,” Twitter confirmed at the time.
Fast forward to today, and that incident would appear to have come back to bite X users once more. Now, a data enthusiast called ThinkingOne says they have accessed that data and added it to a further breach, which they claimed was leaked in January 2025.
According to a posting on a well-known data breach forum, they decided to give the data away for free, having tried to contact X but with no response.
According to the Safety Detectives cybersecurity team which broke the story, ThinkingOne claims to “only have included records of X users present in both datasets.” The result is a 34 GB CSV file containing 201,186,753 data entries in total.
It is understood that the data, which has been verified in part at least to be genuine by the Safety Detectives researchers, included: X screen name and user IDs, full names, locations, email addresses, follower counts, profile data, time zones, profile images and more.
