5 steps to secure your X account after data breach

X app
Over 200 million user records from social media platform X (formerly Twitter) have recently been leaked online, exposing extensive personal data including full names, email addresses, usernames, locations, follower counts, and profile information.

The X data leak was believed to have stemmed from a combination of breaches, including one that allegedly occurred in January 2025 and another in 2023. Reports also indicated the breach appears to be traced back to a vulnerability identified in January 2022, which had already been patched.

Cybersecurity expert Akash Mahajan, Founder and CEO at Kloudle, recommends these five critical actions to protect yourself immediately if your data may have been compromised in the X data breach:

1. Strengthen Your Defences Against Phishing Attacks

Given the exposure of email addresses, cybercriminals may launch sophisticated phishing schemes. Be wary of unsolicited emails claiming to be from X or its affiliates asking for personal details or account verification. Avoid clicking on suspicious links, and consider installing advanced antivirus software capable of identifying and blocking phishing attempts and malicious links.

2. Immediately Change Your X Password

Even though passwords were not directly exposed, attackers may take advantage of leaked emails to attempt unauthorised access using credential stuffing. Update your password to a strong, unique combination—ideally at least 16 characters including numbers, symbols, and letters. Use reputable password management software to securely generate and store these complex passwords.

3. Activate Multi-Factor Authentication (MFA)

Enable MFA immediately on your X account and linked email addresses to significantly reduce the risk of unauthorised access. Choose authenticator apps such as Google Authenticator or Authy rather than SMS-based verification, which can be intercepted.

4. Limit Your Publicly Available Information

Reduce your vulnerability by tightening privacy settings on your X account. Limit the visibility of personal details like your full name, email address, location, and other identifying information. Removing unnecessary public details makes it harder for cybercriminals to execute personalised phishing attacks or identity theft.

5. Proactively Monitor for Identity Theft

Enrol in identity theft protection services to monitor for unauthorised use of your personal information. Regularly check your credit reports and bank statements for suspicious activities, and consider placing fraud alerts or credit freezes on your credit reports to prevent long-term misuse of your personal data.

Mahajan adds:

“Stolen data remains valuable to attackers well beyond the initial breach. By combining leaked information with publicly accessible data, cybercriminals significantly enhance their ability to execute convincing scams. It’s critical to stay alert, strengthen your security practices, and regularly monitor your accounts even months after this breach.”