Was Twitter / X hacked?

Yes. The Twitter breach occurred on January 1, 2022, affecting 200 million records.

What data was exposed in the Twitter / X breach?

The 2022 Twitter breach exposed email addresses of 200+ million users via an API vulnerability. Learn what was leaked and what to do.

What should I do if I was affected by the Twitter / X data breach?

Check if your data was exposed using our free tool, change your passwords, enable two-factor authentication, and monitor your accounts for suspicious activity.

Twitter Data Breach

High Severity 200 million records affected Published February 10, 2026

Company	Twitter / X
Breach Date	January 1, 2022
Disclosure Date	January 4, 2023
Records Affected	200 million

In early 2023, a dataset containing email addresses linked to approximately 200 million Twitter (now X) accounts was published on a hacking forum. The data was collected in 2022 by exploiting an API vulnerability that allowed attackers to look up accounts by email address or phone number.

What Happened

Between June 2021 and January 2022, attackers exploited a vulnerability in Twitter's API that allowed them to submit email addresses or phone numbers and receive the associated Twitter account if one existed. Twitter patched the flaw in January 2022 after receiving a bug bounty report, but not before large datasets were compiled. An initial dataset of 5.4 million records appeared for sale in July 2022. In January 2023, a much larger dataset of approximately 200 million email-to-Twitter-account mappings was published for free on a hacking forum. This data allows the de-anonymization of pseudonymous Twitter accounts.

What Data Was Exposed

Email addresses linked to Twitter accounts
Twitter usernames and display names
Account creation dates
Follower counts
Profile information
Phone numbers (in the smaller 5.4M dataset)

Who Is Affected

Approximately 200 million Twitter users whose email addresses were associated with their accounts. This represents a significant portion of Twitter's active user base at the time. Users who used pseudonymous accounts are at particular risk of being identified.

How to Check If You Were Affected

Check HaveIBeenPwned.com to see if your email appears in the Twitter breach dataset. If you had a Twitter account with an email address associated before January 2022, your data was likely included in the scraped dataset.

What You Should Do Now

Be aware that your email is now publicly linked to your Twitter account
Change your Twitter/X password and enable two-factor authentication
Consider the privacy implications if you used a pseudonymous account
Watch for phishing emails targeting your Twitter-associated email
Review and remove personal information from your Twitter profile
Use unique email aliases for social media accounts going forward

Last updated: February 10, 2026