X 2025 Data Breach
ObscureIQ Breach Intelligence
Low SeverityWebsite / service breach
X (Twitter) Email Address Compilation (2025): 2.9 Billion Email Addresses Aggregated from Multiple Breach Sources
Aggregated compilation of X/Twitter email addresses from multiple breach sources'
Verified by ObscureIQ Intelligence
0/100Breach Risk Index
4Data Value
Breach Intelligence Summary
Entity: X · Actor: Unknown · Sources: 2 references
Attack: Social Engineering
Profile: Breach Compilation · Aggregated social media profile data and linked external records · Recompiled social platform exposure dataset · Global
Timeline: Breach (2025-04-02) · Year (2025)
Exposure: 2.9B records · 1 fields: Email Address
Status: Reported
Executive Summary
X (Twitter) was at the center of a credential compilation event that surfaced in early 2025, when a dataset containing records linked to up to 2.9 billion accounts appeared on hacking forums and dark web marketplaces. The dataset was not the result of a direct hack of X's systems. Instead, it was assembled through a combination of large-scale scraping of public X profile data, exploitation of an API vulnerability first introduced in June 2021, and the merging of that information with records pulled from earlier, unrelated breaches at email providers, marketing databases, and other online services. The exposed data includes email addresses and phone numbers alongside public profile details such as usernames, display names, bios, locations, and follower counts. The risk comes from linkage. On their own, these pieces may seem harmless. Combined, they create detailed profiles that connect a person's real-world identity to their online presence, making the dataset a tool for phishing, impersonation, doxxing, and social graph analysis at scale. No confirmed regulatory action or breach notifications from X had been reported as of the time this summary was written. Affected users should treat any unsolicited contact referencing their X account or linked email with suspicion. Enabling two-factor authentication, auditing connected apps, and monitoring for impersonation attempts are practical steps to reduce exposure.
ObscureIQ assessment: High risk of identity linkage, doxxing, harassment, and large-scale profile enrichment. Recompiled social data is especially useful because it connects public-facing identities to additional external records.
Breach Impact
This breach stemmed from a Twitter API vulnerability introduced in June 2021 that allowed attackers to correlate email addresses or phone numbers with public Twitter profiles, creating a high-value identity linkage dataset later circulated widely. Public breach tracking describes the exposed data as including email addresses or phone numbers alongside public profile information such as usernames, display names, bios, locations, and follower counts, which made the corpus useful for phishing, impersonation, doxing, social graph analysis, and broader identity correlation.
About X
Twitter was a global real-time social media and microblogging platform built around public posts, follower graphs, pseudonymous identity, direct messaging, and live discourse at scale. Before the later rebrand to X, Twitter’s core value came from making public conversation searchable, linkable, and easy to distribute across media, politics, business, and culture.
Why They Hold Your Data
Recompiled social-platform exposure datasets aggregate social profile data, linked contact details, usernames, posts, and externally joined records from one or more social ecosystems.
Recent Developments
Twitter no longer operates under that name and now exists as X following Elon Musk’s 2023 rebrand of the platform. Even so, the breach remains tied to the Twitter-era service, product design, and API decisions that governed how user identity data could be queried and linked at the time.
Data Points Exposed
1 verified field types
Email Address
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:High
Primary downstream threats:
- Targeted phishing campaigns using exposed email addresses
Threat vectors:
- Phishing, credential stuffing & account takeover
Recommended Actions
If you believe your information may be included:
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the X breach?▾
X (Twitter) was at the center of a credential compilation event that surfaced in early 2025, when a dataset containing records linked to up to 2.9 billion accounts appeared on hacking forums and dark web marketplaces. The dataset was not the result of a direct hack of X's systems. Instead, it was…
What data was exposed?▾
Verified fields include Email Address.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation