Twitter Sued Over Data Leak That It Denied Was Caused by a Flaw
(Bloomberg) -- Twitter Inc. was sued over an alleged data leak that may have exposed the information of more than 200 million users but which the company denied was caused by a flaw in its system.
Most Read from Bloomberg
Apple Delays AR Glasses, Plans Cheaper Mixed-Reality Headset
Microsoft to Cut Engineering Jobs This Week as Layoffs Go Deeper
Microsoft, Amazon Set to Erase 28,000 Jobs as Tech Slump Deepens
Stock Mood Turns Ugly as Slowdown Fears Surface: Markets Wrap
New York state resident Stephen Gerber claims his personal information was among the cache of data obtained by hackers between 2021 and 2022. He sued Friday in San Francisco federal court seeking class-action status for all those whose information was leaked.
Gerber blames a defect in Twitter’s application programming interface (API) that allowed cybercriminals to obtain usernames, emails and phone numbers of users of the social media website.
In January, an anonymous user on the hacker site BreachForums published a database that they claimed to contain basic information on hundreds of millions of Twitter users. Twitter said in a blog post that there was “no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems.”
“The data is likely a collection of data already publicly available online through different sources,” the company said.
Gerber claims in the complaint that Twitter “seemingly buried its head in the sand” and says the company may have tried to hide the magnitude of the leak.
Twitter “to this day, has inexplicably failed to notify or contact the victims of this particular API exploitation,” Gerber said.
Gerber is seeking unspecified monetary damages, likely to exceed $5 million, and court orders requiring Twitter to hire third-party security auditors to test and audit its systems as well as to implement and maintain a security program designed to protect the confidentiality of the users.
Twitter, which doesn’t have a public relations department, didn’t respond to an emailed request for comment.
Read more: Twitter Security Headaches Mount With User Data Leak Claim
The case is Gerber v. Twitter Inc., 3:23-cv-00186, US District Court, Northern District of California (San Francisco).
Most Read from Bloomberg Businessweek
It’s a Business Free-for-All in a Russia Transformed by Sanctions
What Tech Job Cuts Say About Silicon Valley—and the Rest of the Economy
The Winklevii Are the Latest Crypto Founders to Blame Everybody But Themselves
©2023 Bloomberg L.P.