Twitter sued over data leak that it denied was caused by a flaw

A lawsuit was filed against Twitter Inc. due to a possible massive data breach that may have left the personal information of over 200 million users exposed, despite their denial that it originated from an error in its system.

On Friday, California federal court saw New York resident Stephen Gerber file a lawsuit over the data breach that took place between 2021 and 2022. His personal information was reportedly leaked among many other people’s in this incident which is why he is seeking class-action status for all those affected by it.

Gerber has attributed the breach to a glitch in Twitter’s API that enabled malicious actors to access users’ usernames, emails and phone numbers without authorization.

Last month, a mysterious figure on the cybercriminal forum BreachForums exposed an immense database with individual profiles of hundreds of millions of Twitter consumers.

In a recent blog post, Twitter declared that there is-

“No evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems.”

The company also declared-

“The data is likely a collection of data already publicly available online through different sources.”

Gerber, in the complaint, claims that Twitter seems to have turned a blind eye and may even have attempted to conceal the enormity of the breach.

To this present day, Twitter still hasn’t contacted or informed the victims of API exploitation – an unprecedented oversight on their part, in Gerber’s opinion.

Gerber is in pursuit of compensatory damages that are expected to exceed $5 million and court orders requiring Twitter to retain a security auditor for examining and assessing their systems, as well as launching and sustaining an effective safety program focused on shielding the personal information of its users.

Despite the absence of a Public Relations team, Twitter neglected to answer an emailed request for comment.

The matter at hand is Gerber v. Twitter Inc., a case concerning the US District Court for the Northern District of California in San Francisco with a docket number of 3:23-cv-00186.

It remains to be seen what the outcome of this lawsuit will be, and users are advised to keep their eyes open for any updates in this regard. In the meantime, it’s important for them to be extra vigilant about their online security.

Leave a Comment