New York state resident Stephen Gerber claims in his lawsuit, filed Friday in federal court in San Francisco, that his personal information was among data collected by Twitter hackers from July 2021 to January 2022. He seeks class-action status for all those whose information may have been hacked, and asked the court for unspecified monetary damages as well as an order requiring Twitter to hire third-party security auditors.
Gerber’s lawsuit blames a “defect” in Twitter’s application programming interface that allowed “cybercriminals to ‘scrape’ data from Twitter.”
The “compromised information” included user names, emails and phone numbers that could be used in phishing scams, the lawsuit says.
“Affected users” and authorities were “promptly notified,” and the “vulnerability” was fixed, said Twitter.
Twitter insisted in a blog post last week that there was “no evidence that the data now being sold online was obtained by exploiting a vulnerability of Twitter systems.” The data is “likely a collection of data already publicly available online through different sources,” the company said. Twitter didn’t immediately respond to Gerber’s lawsuit.
An anonymous poster on the hacker site BreachForums early this month published a database claiming to contain basic information about hundreds of millions of Twitter users.
Gerber’s lawsuit says Twitter has “seemingly buried its head in the sand about the magnitude” of the hack.
Twitter is grappling with a number of other lawsuits. It was recently sued by one of its San Francisco landlords claiming nonpayment of rent, and by Canary Marketing and Imply Data Inc. for allegedly failing to pay for services.
Twitter workers fired by owner Elon Musk as part of a massive staff reduction after he bought the company for $44 billion last year failed to win class-action status in a San Francisco court Friday.