Over 200,000,000 users' email addresses allegedly leaked from X in one of 'largest social media data leaks of all time'

A major data breach has reportedly hit Elon Musk’s X platform, exposing over 200 million user email addresses.

While X was in the news just recently for being sold for $45 billion to Musk's own AI company, it's in the spotlight again for a seriously large alleged data breach.

Cybersecurity researchers at SafetyDetectives - a service that helps the online community defend itself against cyber threats - say they uncovered a massive leak over the weekend on the hacking forum BreachForums.

A user by the name of ThinkingOne posted a 34GB CSV file containing more than 201 million data records, reportedly belonging to X (formerly Twitter) users.

The researchers reported plenty of metadata on each account, including account creation dates, locations, current and former display names and tweet count.

A screenshot of the original post showing the leaked data / SafetyDetectives

Thankfully, the leaked data doesn’t appear to include any sensitive data like passwords or direct messages.

But ThinkingOne cross-referenced this latest leak with data belonging to 209 million users from a 2023 X data breach. The older breach contained user emails (which aren't usually publicly available), which ThinkingOne linked back to about 201 million active users.

"We reviewed the information corresponding to 100 users in the list, and we found that it matched what was shown on Twitter," SafetyDetectives wrote after reviewing the data. "We also verified a considerable amount of emails, which turned out to be valid email addresses, though we cannot confirm that the emails belong to the accounts listed."

Exactly how the breach happened isn’t clear yet, however, with 2.8 billion X accounts reportedly affected, ThinkingOne claimed this to be 'the largest social media breach ever.'

In their post, the user also added that there is 'no sign that X or the general public is aware' and that they 'tried contacting X via several methods with no response.'

Owner Elon Musk just sold the social platform for $45 billion / SOPA Images / Contributor / Getty

It's likely many of these accounts don't belong to real users. In fact, based on analytics platforms like Statista, X likely has around 400 million global users.

Billions of those leaked X accounts would have belonged to bots, spammers or individuals who deactivated or deleted their own accounts, the experts say. But, the worrying concern lies in how the exposed data can be used.

The data was also easily accessible as SafetyDetectives stated it was 'not behind a paywall' so 'it was free to anyone with an account in the forum to download.'

With both emails and detailed metadata in one place, the security experts warn that users could become easy targets for phishing attempts, social engineering and other online scams.