Twitter 200M

A significant security incident involving Twitter occurred due to an API vulnerability discovered in late 2021 and exploited through early 2022. The flaw allowed attackers to input email addresses or phone numbers to identify linked Twitter accounts. This resulted in a massive dataset containing approximately 200 million unique records being compiled and eventually leaked on darknet forums. The data exposes user identities by linking private contact information with public profile details such as handles and account creation dates. Twitter confirmed the vulnerability was introduced in a June 2021 code update and patched it in January 2022 after being notified through a bug bounty program.