© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Twitter sued over recent leaks involving millions of users


A class action lawsuit against Twitter alleges a user’s identity was revealed due to the data leak. The plaintiff says Elon Musk’s company violated its promise to protect user information.

A class-action lawsuit against Twitter, filed on January 13, alleges that recent data dumps violated Twitter’s privacy policy and terms of service because it failed to protect non-public consumer information.

“[...] from June 2021 through January 2022, a defect in Twitter’s application programming interface (“API”) allowed cybercriminals to exploit this defect and “scrape” data from Twitter, “reads the lawsuit.

The API bug led to a major data leak in December 2022, when threat actors posted an ad on a well-known hacker forum, claiming they were selling the data of over 400 million Twitter users.

The dataset includes Twitter handles, usernames, email addresses, and phone numbers. A week later, threat actors publicly disclosed 63GB of data, connecting over 200 million Twitter users with their names and email addresses.

However, Twitter denied the data was obtained by exploiting a vulnerability of Twitter systems and said the data was likely a “collection of data already publicly available online through different sources.”

Meanwhile, the lawsuit claims the plaintiff, Stephen Gerber, used an anonymous Twitter username that was compromised in the recent incident when his non-anonymous email address was linked with his Twitter handle.

“This is not only a violation of Twitter’s Privacy Policy (the “Privacy Policy”), and, therefore, Twitter’s Terms of Service, but also violates a 2011 agreement between Twitter and the United States Federal Trade Commission,” reads the lawsuit.

Interestingly, Twitter has already come under scrutiny by Ireland’s Data Protection Commission (DPC) over the API flaw that ended up losing the data of 5.4m users last July.

The lawsuit points out that in August 2022, Twitter said they fixed the API flaw that led to the July leak and found “no evidence to suggest someone had taken advantage of the vulnerability.”

The lawsuit seeks monetary damages and requires the court to order Musk’s company to better its security practices, employing independent third-party auditors, penetration testers as well as internal security personnel, that would enable the company to prevent similar leaks in the future.

However, as Musk took over the company, the number of Twitter employees was reduced by half, with more layoffs reportedly on the way. Security researchers fear that mass layoffs contribute to increased risks for cybersecurity in many tech companies.


More from Cybernews:

Mass layoffs in tech potential cybersecurity risk

Media apps most likely to be targeted by threat actors, says study

Deleted files disrupted over 11,000 flights – FAA

T-Mobile hack: 37M customers compromised

PayPal confirms data breach, thousands affected

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked