A New Yorker is suing Twitter for $5 million over a data leak that researchers say exposed the information of more than 200 million users

A New Yorker is suing Twitter for $5 million over a data leak that researchers say exposed the information of more than 200 million users
Getty Images
  • A Twitter user is suing the company for $5 million over a data leak which exposed users' personal information.
  • According to cybersecurity researchers, the leak impacted over 200 million users.

Twitter is being sued for $5 million over a data leak that researchers said exposed the personal information of more than 200 million users.

New York resident and Twitter user Stephen Gerber filed a lawsuit against the social media firm on Friday in the Northern District of California, claiming that his personal data was leaked after the information was stolen by hackers between 2020 and 2021.

Gerber filed the class action lawsuit, which Insider has viewed, on behalf of himself and others affected by the data leak, and is seeking $5 million or more in damages.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

Gerber pinned the data leak on hackers exploiting a vulnerability in Twitter's application programming interface (API) which allowed them to obtain users' Twitter usernames, email addresses, and phone numbers.

"Twitter seemingly buried its head in the sand regarding the magnitude of this API exploitation or, even worse, Twitter may have even taken actions intended to conceal the true magnitude of this API exploitation," the lawsuit reads.


It added: "This is extremely problematic because it evidences that Twitter (which, to this day has inexplicably failed to notify or contact the victims of this particular API exploitation) refuses to acknowledge the seriousness of what has occurred."

The lawsuit said that the personal information of victims was now being distributed and sold on the dark web.

Twitter and lawyers for the plaintiff did not immediately respond to Insider's request for comment, sent outside of business hours.

In early January, cybercrime intelligence company Hudson Rock suggested that hackers had stolen over 200 million Twitter users' information and published them onto a publicly available online hacking forum.

"This is one of the most significant data leaks in history and will, unfortunately, lead to a lot of accounts getting hacked, targeted with phishing, and doxxed," Hudson Rock's founder, Alon Gal, told Insider.


On January 11, two days before the suit was filed, Twitter published a notice on its website denying that the data leak resulted from a system flaw.

"In response to recent media reports of Twitter users' data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems," the post said.