Cybernews reports that most of the over 2.8 billion user records belonging to X, formerly Twitter which were purported by threat actor "ThinkingOne" to have been exfiltrated by a disgruntled employee were publicly available information.
Despite ThinkingOne's claims of the leak being the "largest social media breach" yet, such a 400 GB dataset was a combination of data from "ebiuprsy" that did not have private details and information from 200 million users containing email addresses exposed two years ago, according to Cybernews information security researcher Aras Nazarovas. "If there was truly a disgruntled employee, they could have access to private messages (DMs), IP logs, internal tools, or any other sensitive information, but none of that is included in this case... [ThinkingOne] just analyzed the data and reposted it. There are no passwords or other nonpublic data that wasn't leaked previously," Nazarovas added. Despite the presence of mostly public data and the lack of evidence suggesting the compromise of X systems, users have been urged to be vigilant of potential attacks using their leaked information.
