X's Data Leak? 200m user records potentially released - What you need to know

This week Forbes reported that "self proclaimed data enthusiast" had leaked a database with the user records of some 200 million users from X, formerly know as Twitter.

How we got here:
• A 2022 bug in Twitter’s code let attackers link emails/phone numbers to accounts.
• Despite a fix, the data was exploited and sold online.
• Now in 2025, someone named ThinkingOne has released the data again — plus more — claiming over 2.8B records were compromised in total.

The leak includes:
Usernames, real names, email addresses, locations, follower counts, profile images, time zones, and more.

X's response:
Elon Musk's company says no passwords were leaked and claims the data can't be tied to vulnerabilities in its systems (despite past admissions of bugs).
🧾 Rejected links between several major datasets and any known breach.

Why it matters:
If true, this may be the largest social media data leak ever — dwarfing previous reports of a few hundred million active users.
ThinkingOne implies this breach was either an inside job or a high-level hack — and X has remains mostly silent.

The Bottom line:
X users’ personal data may still be circulating from a long-running security blind spot. Be alert.

Interested in a twice weekly snapshot on the latest happenings across the Australian Creator Economy? Click here and hit subscribe.