X (Twitter) — Data Breach
Executive Summary
A database containing email addresses, names, and usernames of over 200 million Twitter users was published on BreachForums. The data was scraped using an API vulnerability introduced in June 2021 that allowed anyone to look up accounts by phone number or email. An earlier dataset of 5.4 million records had been sold for $30,000 in July 2022. The mass exposure posed major phishing and deanonymization risks for activists, journalists, and dissidents. Twitter did not issue a public disclosure.
What Happened
In January 2023, a database containing information on over 200 million Twitter users was published on BreachForums. The data had been scraped in 2021 through an API vulnerability: the lookup endpoint accepted an email address or phone number and returned the associated account, so anyone holding a list of emails or phone numbers could map them to Twitter handles at scale. The leaked records included email addresses, names, usernames, follower counts, and account creation dates; no passwords were reported in the set. Twitter fixed the vulnerability in 2022, but the 5.4 million-account dataset sold that July showed the flaw had already been exploited before the fix, and the 200 million-record set published in 2023 came from the same scraping.
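The page describes the flaw only as "look up accounts by submitting email addresses or phone numbers". The example below is added here to show the vulnerability class in working code; it is hypothetical and not Twitter's code or API. It assumes one plausible shape of such a bug, a contact-discovery endpoint that returns the matching account regardless of whether the owner opted in to being discoverable, and pairs it with a hardened version that honours the opt-in, requires authentication, rate-limits the caller, and returns one response shape so a "not found" cannot be told apart from "not discoverable". The account table and the scraper's input list are constructed sample data.

```python
"""Added example: account-linkage leak through a contact-lookup endpoint.
Hypothetical code, not Twitter's. Sample accounts below are constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass
import time


@dataclass
class Account:
    user_id: int
    username: str
    email: str
    phone: str
    discoverable_by_email: bool = False   # "let people with my email find me"
    discoverable_by_phone: bool = False   # "let people with my phone find me"


# Constructed sample data: one pseudonymous user who opted out, one who opted in.
ACCOUNTS = [
    Account(1001, "night_owl", "owl@example.org", "+15550000001"),
    Account(1002, "public_pat", "pat@example.org", "+15550000002", True, True),
]
BY_EMAIL = {a.email.lower(): a for a in ACCOUNTS}
BY_PHONE = {a.phone: a for a in ACCOUNTS}


def _find(identifier):
    """Resolve an email or phone string to (account or None, channel)."""
    ident = identifier.strip()
    if "@" in ident:
        return BY_EMAIL.get(ident.lower()), "email"
    return BY_PHONE.get(ident), "phone"


def vulnerable_lookup(identifier):
    """Vulnerable pattern (assumed): ignores the owner's discoverability
    setting, needs no authentication, and answers 'found'/'not found'
    distinguishably. A scraper can map any contact list to handles."""
    acct, _ = _find(identifier)
    if acct is None:
        return {"found": False}
    return {"found": True, "user_id": acct.user_id, "username": acct.username}


def scrape(lookup, identifiers):
    """What an attacker does with the vulnerable endpoint: feed in a list of
    emails/phones (from other breaches) and keep every hit."""
    linked = {}
    for ident in identifiers:
        resp = lookup(ident)
        if resp.get("found"):
            linked[ident] = resp["username"]
    return linked


class RateLimiter:
    """Sliding-window limiter keyed by client; `now` is injectable for tests."""

    def __init__(self, limit, window_s):
        self.limit, self.window_s = limit, window_s
        self.hits = defaultdict(deque)

    def allow(self, client, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits[client]
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


LIMITER = RateLimiter(limit=20, window_s=3600)


def hardened_lookup(identifier, client_id, authenticated, now=None):
    """Hardened version: authenticated callers only, per-client rate limit,
    match returned only if the owner opted in for that channel, and a single
    response shape so 'unknown', 'opted out' and 'no permission' look alike."""
    if not authenticated:
        return {"status": "ok", "matches": []}
    if not LIMITER.allow(client_id, now):
        return {"status": "rate_limited", "matches": []}
    acct, channel = _find(identifier)
    if acct is None:
        return {"status": "ok", "matches": []}
    opted_in = (acct.discoverable_by_email if channel == "email"
                else acct.discoverable_by_phone)
    if not opted_in:
        return {"status": "ok", "matches": []}
    return {"status": "ok",
            "matches": [{"user_id": acct.user_id, "username": acct.username}]}


if __name__ == "__main__":
    # Constructed input list, as a scraper holding emails/phones from elsewhere.
    probe = ["owl@example.org", "+15550000002", "nobody@example.org"]
    print("vulnerable:", scrape(vulnerable_lookup, probe))
    print("hardened  :", hardened_lookup("owl@example.org", "client-a", True, now=0))
```

The point the hardened version makes is that the opt-in check alone is not enough: if "opted out" and "no such account" return different bodies, or if the endpoint is reachable without authentication and without a budget, the linkage can still be recovered through timing or volume. Rate limiting also does not stop a patient scraper with many clients, which is why the opt-in and the uniform response carry most of the weight.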
Who Is Affected
More than 200 million Twitter users worldwide are affected by this exposure. Security researchers identified particular risks for anonymous users, including activists, journalists, and dissidents, who can be unmasked once the email address behind a pseudonymous handle is tied to a real identity through other breached datasets. Any user whose information was scraped is potentially exposed to targeted phishing that cites their handle or account details, account takeover attempts against the email address itself, and impersonation or disinformation campaigns built on the leaked profile data.
Why It Matters
This breach represents one of the largest exposures of Twitter user data, with the potential to deanonymize users who rely on pseudonyms for safety or professional reasons. The leaked data can enable malicious actors and repressive governments to identify individuals behind anonymous accounts, posing direct risks to vulnerable populations. The incident occurred during a period of significant staff reductions at Twitter following its acquisition by Elon Musk, raising concerns about the company's capacity to respond to security threats. Twitter did not issue a public disclosure about this data exposure.
What You Should Do
If you have a Twitter account, assume your email address and public profile information may have been exposed. No passwords were reported in the leak, but change your Twitter password if it is reused anywhere else, and use a unique password for each account. Enable two-factor authentication on your Twitter account and on the email account tied to it, since that mailbox is the obvious target once the address-to-handle link is known. Be wary of messages that reference your Twitter username, follower count, or account age to appear legitimate, and consider a password manager to create and store unique passwords for all your online accounts. If you rely on a pseudonymous account for safety, check whether the email address attached to it is one that can be traced to you, and consider moving the account to a dedicated address.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.
Sources