Twitter 2021 Data Breach

Twitter API Scrape (2021): 211 Million User Email Addresses Linked to Public Profiles Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Social Engineering · Social · Email Address · Full Name · Social Media Profile · Username
Low Severity · Website / service breach

Social media platform.

Verified by ObscureIQ Intelligence
Breach Risk Index: 8/100
Data Value: 3
Market Recency: 10
Since Breach: 1208d

Breach Intelligence Summary

Entity: Twitter · Actor: Unknown · Sources: 6 references
Attack: Social Engineering
Profile: Platform · Social media and microblogging · Real-time content platform · Global
Timeline: Breach (2022-01-01) · Indexed (Jan 05, 2023) · Year (2021)
Exposure: 211.5M records · 4 fields: Email Address, Full Name, Social Media Profile, Username
Status: Confirmed

Executive Summary

Twitter suffered a data breach affecting approximately 211.5 million user accounts after threat actors exploited a vulnerability in its application programming interface (API). The flaw, introduced in June 2021, allowed attackers to submit email addresses and phone numbers to the API and receive matching Twitter profile data in return. By late 2021, attackers had automated this process at scale, systematically building a dataset that linked private contact information to public profiles. The compiled records surfaced on a hacking forum in early 2023.

The exposed data combined email addresses with public profile details including names, usernames, and follower counts. That pairing is particularly sensitive because Twitter was built on pseudonymous identity. Many users kept their real-world contact information separate from their public persona by design. This breach collapsed that separation, making it possible to identify the person behind an account. For activists, journalists, whistleblowers, and others who rely on that separation, the exposure creates concrete risks of harassment, doxxing, phishing, and targeted impersonation.

Twitter disclosed an API vulnerability to regulators in August 2022, and Ireland's Data Protection Commission, which oversees Twitter's EU operations, opened an inquiry that resulted in a 5.4 million euro fine in 2023. That earlier disclosure involved a smaller confirmed dataset; the 211.5 million record corpus reflects the full downstream scale of the same underlying flaw.

Affected users should treat their email address as potentially linked to their Twitter identity, stay alert to phishing attempts referencing their account, and consider whether their current username or profile information could expose them to unwanted contact.

ObscureIQ assessment: Exposure enables harassment, phishing, doxxing, and account takeover. Public-interest and political activity on the platform can also amplify reputational and physical-safety risks.

Breach Impact

This breach reflects the large-scale downstream packaging of Twitter user data into a corpus of more than 200 million records built from 2021 API abuse that allowed email addresses to be resolved to public profiles. Public breach tracking says the dataset paired email addresses with profile information such as names, usernames, and follower counts, making it especially useful for phishing, impersonation, doxing, spam targeting, and large-scale identity correlation far beyond the smaller set of directly disclosed impacted users.

About Twitter

Twitter was a global real-time social media and microblogging platform built around public posts, follower graphs, pseudonymous identity, direct messaging, and live discourse at scale. Before the later rebrand to X, Twitter’s core value came from making public conversation searchable, linkable, and easy to distribute across media, politics, business, and culture.

Why They Hold Your Data

Real-time social platforms collect user identity, contact details, posts, messages, social graphs, device data, and behavioral engagement signals across public and private communication workflows.

Recent Developments

Twitter no longer operates under that name and now exists as X following Elon Musk’s 2023 rebrand of the platform. Even so, the breach remains tied to the Twitter-era service, product design, and API decisions that governed how user identity data could be queried and linked at the time.

Data Points Exposed

4 verified field types
  • Email Address
  • Full Name (High)
  • Social Media Profile
  • Username

Exploitation & Downstream Threats

Threat Activity: High
Primary downstream threats:
  • Targeted phishing campaigns using exposed email addresses
  • Social media account targeting and impersonation
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Account impersonation & social graph harvesting
  • Cross-platform tracking & credential stuffing

Recommended Actions

If you believe your information may be included:

  • Enable MFA Everywhere: Turn on multi-factor authentication on email first, then financial accounts.
  • Report & Recover: If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Twitter breach?

Twitter suffered a data breach affecting approximately 211.5 million user accounts after threat actors exploited a vulnerability in its application programming interface (API). The flaw, introduced in June 2021, allowed attackers to submit email addresses and phone numbers to the API and receive…

What data was exposed?

Verified fields include Email Address, Full Name, Social Media Profile, Username.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

  • Have I Been Pwned (Breach Index): Record & field corroboration
  • DataBreach.com (Breach Index): Record & field corroboration
  • DataViper.io (Cross-source): Independent catalogue listing
  • Hacked-Emails (Cross-source): Independent catalogue listing
  • Keeper (Cross-source): Independent catalogue listing
  • ObscureIQ proprietary analysis (ObscureIQ Intelligence): Risk Index scoring & downstream-threat assessment
