X (Twitter) was at the center of a credential compilation event that surfaced in early 2025, when a dataset containing records linked to up to 2.9 billion accounts appeared on hacking forums and dark web marketplaces. The dataset was not the result of a direct hack of X's systems. Instead, it was assembled through a combination of large-scale scraping of public X profile data, exploitation of an API vulnerability first introduced in June 2021, and the merging of that information with records pulled from earlier, unrelated breaches at email providers, marketing databases, and other online services. The exposed data includes email addresses and phone numbers alongside public profile details such as usernames, display names, bios, locations, and follower counts. The risk comes from linkage. On their own, these pieces may seem harmless. Combined, they create detailed profiles that connect a person's real-world identity to their online presence, making the dataset a tool for phishing, impersonation, doxxing, and social graph analysis at scale. No confirmed regulatory action or breach notifications from X had been reported as of the time this summary was written. Affected users should treat any unsolicited contact referencing their X account or linked email with suspicion. Enabling two-factor authentication, auditing connected apps, and monitoring for impersonation attempts are practical steps to reduce exposure.

Recompiled social-platform exposure datasets aggregate social profile data, linked contact details, usernames, posts, and externally joined records from one or more social ecosystems.

Twitter no longer operates under that name and now exists as X following Elon Musk’s 2023 rebrand of the platform. Even so, the breach remains tied to the Twitter-era service, product design, and API decisions that governed how user identity data could be queried and linked at the time.