[ThinkingOne]

... and nobody seems to be talking about it.

Sure, it doesn't have emails/addresses/phones/passwords, but at 2.8 billion records this is much bigger than any other social media leak.

The README.txt file:

Twitter account data for 2,873,410,842 accounts from November 2022.
935,214,212 accounts have extra data (timezone and language setting).
Each file contains data of 10,000,000 accounts.
Heil Elon

No clue who got this or how, a new account posted a magnet link (and then web link) a few days ago.

10 Mar 2025 EDIT: This data was leaked in early 2025 (its existence was not known before that). My money (so to speak) is on an employee having released this, who for all we know could have more data than what was released.

15 Mar 2025 EDIT: After a thorough analysis, I now know that this data was definitely collected during the time period that Twitter employees were most concerned about being laid off, and that the data was "post-processed" (e.g. altered after it was collected; that would likely be things like removing fields, sorting, stuff like that).

[breachedu76]

more information? sounds like clickbait

[ThinkingOne]

more information? sounds like clickbait

Sorry, the original thread is at https://breachforums.rs/Thread-2022-Twit...nts-103-GB .

[Blastoise]

No clue who got this or how, a new account posted a magnet link (and then web link) a few days ago.

I'm not sure exactly but it looks like scraping public profile data via zenrows.com or something similar..

[ThinkingOne]

No clue who got this or how, a new account posted a magnet link (and then web link) a few days ago.

I'm not sure exactly but it looks like scraping public profile data via zenrows.com or something similar..

I could be wrong, but I'm pretty sure that Twitter doesn't have any method of enumerating accounts (e.g. finding all valid accounts). And even so, a zenrows.com would charge over US$200,000 to scrape 2.8B webpages (I'm sure they would offer a discount for a job that big though!). Finding lots of big accounts might be possible through generic web scraping (going to all websites), but both a big challenge and unlikely to get anywhere close to 2.8 billion accounts.

Given the timing -- it looks like it was extracted November 14, 2022, just after Elon Musk laid off 1/2 the workforce -- I'm guessing someone created their own unique severance package.

[Housefly]

No clue who got this or how, a new account posted a magnet link (and then web link) a few days ago.

I'm not sure exactly but it looks like scraping public profile data via zenrows.com or something similar..

I could be wrong, but I'm pretty sure that Twitter doesn't have any method of enumerating accounts (e.g. finding all valid accounts). And even so, a zenrows.com would charge over US$200,000 to scrape 2.8B webpages (I'm sure they would offer a discount for a job that big though!). Finding lots of big accounts might be possible through generic web scraping (going to all websites), but both a big challenge and unlikely to get anywhere close to 2.8 billion accounts.

Given the timing -- it looks like it was extracted November 14, 2022, just after Elon Musk laid off 1/2 the workforce -- I'm guessing someone created their own unique severance package.

You’re absolutely right it could be the work of an X employee Musk fired. However I doubt that theory because this database contains significantly less information compared to others.

[ThinkingOne]

Given the timing -- it looks like it was extracted November 14, 2022, just after Elon Musk laid off 1/2 the workforce -- I'm guessing someone created their own unique severance package.

You’re absolutely right it could be the work of an X employee Musk fired. However I doubt that theory because this database contains significantly less information compared to others.

The catch is that it has every Twitter/X account. Every previous big social media "breach" was just a scrape (web or API), gathered over months. This even has test accounts that were created by Twitter employees. This appears to be a "snapshot" taken on one day. And small enough to easily fit on a small thumb drive and walk out with.

It's also very possible that the person who took this data has emails/passwords, but chose not to release them (whether to limit their legal liability, or to get a chance to sell the full dataset, etc.).

There's also the question of why the person waited 2 years to release the data (for free), rather than selling it. I could see an employee having data they had no intention of selling, but if this was the work of a very skilled hacker, you think they would have either tried selling it or at least bragged about having it.

I could be wrong, but the employee theory makes the most sense to me.

[Housefly]

Given the timing -- it looks like it was extracted November 14, 2022, just after Elon Musk laid off 1/2 the workforce -- I'm guessing someone created their own unique severance package.

You’re absolutely right it could be the work of an X employee Musk fired. However I doubt that theory because this database contains significantly less information compared to others.

The catch is that it has every Twitter/X account. Every previous big social media "breach" was just a scrape (web or API), gathered over months. This even has test accounts that were created by Twitter employees. This appears to be a "snapshot" taken on one day. And small enough to easily fit on a small thumb drive and walk out with.

It's also very possible that the person who took this data has emails/passwords, but chose not to release them (whether to limit their legal liability, or to get a chance to sell the full dataset, etc.).

There's also the question of why the person waited 2 years to release the data (for free), rather than selling it. I could see an employee having data they had no intention of selling, but if this was the work of a very skilled hacker, you think they would have either tried selling it or at least bragged about having it.

I could be wrong, but the employee theory makes the most sense to me.

Could you upload the database to Biteblob or a similar platform? I’ll need to cross check it with my own database let’s see if anything useful comes up since that torrent link is no longer working.

[ThinkingOne]

Could you upload the database to Biteblob or a similar platform? I’ll need to cross check it with my own database let’s see if anything useful comes up since that torrent link is no longer working.

There are about 380 files, over 100GB, so uploading is a pain.

When I initially tried the torrent, I was using Transmission Qt Client which didn't show any seeds/peers (it couldn't even get the metadata/filenames). But when I used BitTorrent, it worked. Not sure why, but maybe trying a different client might work?

[Housefly]

Could you upload the database to Biteblob or a similar platform? I’ll need to cross check it with my own database let’s see if anything useful comes up since that torrent link is no longer working.

There are about 380 files, over 100GB, so uploading is a pain.

When I initially tried the torrent, I was using Transmission Qt Client which didn't show any seeds/peers (it couldn't even get the metadata/filenames). But when I used BitTorrent, it worked. Not sure why, but maybe trying a different client might work?

just tried BitTorrent + Transmission + Tixati none of them worked for me so i guess i'll have to wait for someone to reupload this.