Twitter Sued Over Data Leak, Denies Responsibility

More than 200 million users’ information was compromised in the alleged 2021-2022 incident

twitter San Francisco headquarters
Getty Images

A New York resident is suing Twitter over an alleged data leak caused by a flaw in the platform’s systems, which the company denies.

On Friday, Stephen Gerber filed a class action suit with the San Francisco federal court over the 2021-2022 hack that may have affected more than 200 million users’ private information.

According to a Bloomberg report, Gerber faults the company’s application programming interface, or API, for enabling hackers to access usernames, email addresses and phone numbers. In a Jan. 11 blog post, the company maintained that there is “no evidence” that the information being sold online was caused by an issue with Twitter’s systems.

“The data is likely a collection of data already publicly available online through different sources,” the post read.

Twitter logo
Read Next
Twitter Offers Former Staffers One-Third Promised Severance, Demands Silence Agreement

Twitter says that in July 2022, it became aware that a “bad actor” was offering to sell information it had obtained through a “vulnerability in Twitter’s systems.”

“After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed,” the post stated. “At the time, we notified the affected users promptly and the relevant authorities.”

However, it claimed that the incident reported in Jan. 2023 was not new and that “none of the datasets analyzed [in an investigation by Twitter’s Incident Response and Privacy and Data Protection teams] contained passwords or information that could lead to passwords being compromised.”

Senator Ed Markey impersonated on Twitter
Read Next
Washington Post Pokes Holes in Elon Musk’s Twitter Verification Fix by Impersonating a Senator

In the case filing, Gerber says Twitter may have tried to downplay the scale of the data breach. He added that the company “to this day, has inexplicably failed to notify or contact the victims of this particular API exploitation.”

Bloomberg reported that Gerber is seeking unspecified monetary damages likely in excess of $5 million. The suit also seeks a court order requiring Twitter to employ third-party security auditors to monitor its systems and improve user security.

The case is Gerber v. Twitter Inc., 3:23-cv-00186, US District Court, Northern District of California (San Francisco).

Twitter currently does not have a press relations department available to comment on the suit.

Twitter logo
Read Next
Behnam Rezaei, One of Twitter’s Last Remaining Pre-Musk Leaders, Quits

Harper Lambert

Harper first joined TheWrap as a member of the Audience Team in 2021 before becoming a film reporter. Her writings about movies, TV, and culture have appeared in The Hollywood Reporter, MovieMaker and the Daily Nexus, where she served as Editor in Chief. She also co-hosted and co-created the podcast “Hot Off The Pod” with…

Comments