How can you find a Twitter account with just an email address?
There are several ways to check if an email address is linked to an account on Twitter. One of these ways is to add your target through Gmail and then sync it to your Twitter account. This way you will immediately see whether your target email address is linked to an account on Twitter. Please take the following steps to perform this check.
Update: this blog post was updated on 12/23/2019 by adding step 5 (downloading the browser extension GoodTwitter).
Step 1: sign in with a fake account on Gmail
Go to www.gmail.com and sign in with your fake account. With a fake account, we obviously mean an account that is not directly or indirectly traced to you as a person. By using a fake account you can reduce the risk of detriment and security. This is because the person you are investigating must not know who is hiding behind your fake account. A comprehensive article on using fake accounts or sock puppets can be read here.
Step 2: open your Contacts
If you’re signed in to your Gmail account, click the circle that contains the nine dots (1) at the top right. In the screen that opens, click on the icon with the text “Contacts” (2).
Step 3: enter your target email address as a contact person
In the screen that is open in the previous step, you can view your contacts. Since this is an overview of contacts from your fake account, you should not have any contacts in your list yet. We’re going to add a contact here, because we want to see if the user is also on Twitter. To add a contact, click “Create contact” at the top left of your screen or in the middle at the bottom of your screen.
Please note: If you already have contacts in your list, we recommend that you remove them first. Otherwise, you may may get confusing results when synchronizing contacts in the next step.
If you clicked on “Create contact“, a new screen opens. Justenter your target’s email address and click “save“. You have now stored the email address in your fake account’s Gmail contacts. For some users, you can also see more information about the user. For example, this might be a profile picture or account information.
Step 4: sign in with your fake Twitter account
Go to www.twitter.com and sign in with your fake account.
Step 5: Download the “GoodTwitter” extension
Twitter regularly adjusts the look and feel, which means that certain functionalities sometimes no longer work. On July 15, 2019 this year, a major change resulted in uploading contacts via Gmail being no longer possible in the new version of Twitter. In order to be able to synchronize contacts, you now need the “old version” of Twitter. The extension GoodTwitter (available for Chrome and Firefox) is suitable for this. Install this browser extension before you continue.
What does this extension actually do? The extension forces your web browser to use the old version of Twitter. If we use the Developer Tools to view the user agent in our request headers, we see the following user agent string: Mozilla / 5.0 (Windows NT 10.0; Win64; x64; RV: 71.0) Gecko / 20100101 Firefox / 71.0. Is this user agent also used for the request headers to other web servers? No, fortunately not.
Step 6: Open your privacy settings
At the top right, click the small circle with your own profile picture, then select “Settings and privacy“.
Stap 7: Importeer je Gmail-contacten
On the left side of the screen, click on “Find friends” and then in Gmail click on “Upload contacts“.
Then click on the Gmail account again and click “allow” when the message “www.twitter.com want to access your Google account” pops up. You will now be notified that Twitter is loading. Wait a while.
Ready! View the result
If a user is linked to the email address you added to your Gmail contacts, it will look like the following. Please note: do not click “Follow 1 people” because you will follow the user with your fake account.
If the email address is not linked to a user, you will get to see the message “your contacts are not on Twitter… yet.“. However, it may also be that the your target has unchecked the setting “others can find you via your email address” within its privacy settings.
Continue your investigation?
If you want to do further research, please make sure you log out of Google again to avoid leaving unnecessary traces. Depending on the tracks you want to leave behind, you can clean your cookies and sessions and possibly change the browser, user-agent and/or IP address.
More tutorials or contact?
Want to know more about how you can conduct investigations on Twitter? Or do you want to know more about how to investigate an email address? Please let us know or follow one of our OSINT training events! Also, we would like to hear from you when you have any tips or suggestions for this article.