Twitter sued over alleged hack that may have left over 200 million exposed
Ryan King
Video Embed
Twitter was slapped with a lawsuit Friday over an alleged data leak that exposed information from over 200 million users’ account data.
Plaintiff Stephen Gerber alleges his personal data was buried in the trove that hackers claim to have amassed between 2021 and 2022. He is seeking damages and a third-party review in his filing against the social media giant.
Twitter has cast doubt that the alleged intrusion came from a defect in its system, instead suggesting it was likely a collection of publicly available data.
TWITTER FILES: EMAILS SHOW SCHIFF’S ROUTINE EFFORTS TO GET POSTS TAKEN DOWN
“Twitter is obligated, and has promised to, protect certain private information entrusted to it by its users in order to access the platform and, in turn, provide Twitter with the source of its billions in revenues. However, from June 2021 through January 2022, a defect in Twitter’s application programming interface (‘API’) allowed cybercriminals to exploit this defect and ‘scrape’ data from Twitter,” the suit argued.
A self-described hacker claimed to have leaked a slew of data, such as email addresses and other user information, to a hacker forum for sale. Notably, the purported leak did not appear to have passwords, Internet Protocol addresses, physical addresses, or phone numbers.
Twitter cast doubt on claims of a leak in a blog post earlier this week. The company also acknowledged the existence of a bug from an update to its code in June 2021 that it later fixed.
“Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems. The data is likely a collection of data already publicly available online through different sources,” the company said.
Leaks of Twitter data could harm those users who are anonymous, the suit argued. Gerber’s suit also tore into the company for burying “its head in the sand regarding the magnitude of this API exploitation” and suggested “Twitter may have even taken actions intended to conceal the true magnitude” of the problem.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
The suit also reprimanded the company for failing to notify users of the alleged breach. Damages could surpass $5 million, Gerber’s suit notes. The filing was made in the U.S. District Court for the Northern District of California.
Twitter lacks a public relations department to reply to media requests for comment. CEO Elon Musk dramatically reduced the company’s workforce to remedy budgeting woes following his takeover last year.