Twitter Sued Over Data Breach After Hack Site Claims 200 Million Compromised Accounts

A Twitter user has sued the company over a data breach, days after an internet hacker site posted information allegedly gleaned from more than 200 million accounts.

New York state resident Stephen Gerber claims in his lawsuit, filed Friday in federal court in San Francisco, that his personal information was among data collected by Twitter hackers from July 2021 to January 2022. He seeks class-action status for all those whose information may have been hacked, and asked the court for unspecified monetary damages as well as an order requiring Twitter to hire third-party security auditors.

Gerber’s lawsuit blames a “defect” in Twitter’s application programming interface that allowed “cybercriminals to ‘scrape’ data from Twitter.”

The “compromised information” included user names, emails and phone numbers that could be used in phishing scams, the lawsuit says.

Twitter admitted in August that some 5.4 million accounts had been breached when a “bad actor” obtained personal information through an unspecified “vulnerability in Twitter’s systems.”

“Affected users” and authorities were “promptly notified,” and the “vulnerability” was fixed, said Twitter.

Twitter insisted in a blog post last week that there was “no evidence that the data now being sold online was obtained by exploiting a vulnerability of Twitter systems.” The data is “likely a collection of data already publicly available online through different sources,” the company said. Twitter didn’t immediately respond to Gerber’s lawsuit.

An anonymous poster on the hacker site BreachForums early this month published a database claiming to contain basic information about hundreds of millions of Twitter users.

Gerber’s lawsuit says Twitter has “seemingly buried its head in the sand about the magnitude” of the hack.

Twitter is grappling with a number of other lawsuits. It was recently sued by one of its San Francisco landlords claiming nonpayment of rent, and by Canary Marketing and Imply Data Inc. for allegedly failing to pay for services.

Twitter workers fired by owner Elon Musk as part of a massive staff reduction after he bought the company for $44 billion last year failed to win class-action status in a San Francisco court Friday.

U.S. District Judge James Donato ruled that five former Twitter employees accusing the company of failing to give adequate notice before their firing must press their claims in private arbitration because of employment agreements they signed with the company, CNN reported.