Twitter Anonymous Users’ Information Exposed Class Action

Twitter, Inc. runs a worldwide social media platform that the complaint for this class action calls “a digital, modern-day version of the public square.” Some users have chosen to remain anonymous in their use of Twitter, but the complaint alleges that a problem with Twitter’s application programming interface (API) in 2021 and 2022 permitted hackers to “scrape” personally identifiable information (PII) from Twitter and link usernames to email addresses (which may include real names) and telephone numbers.

The Nationwide Class for this action is all Twitter users who had their email addresses or telephone numbers compromised in Twitter’s API exploitation between June 2021 and January 2022.

Twitter makes money through its users, the complaint alleges, through the use of information generated by their use of the platform and by displaying advertising directed at them. The income from these sources, the complaint claims, is the reason that Twitter was at one point valued at $44 billion.

Many people who post opinions or other content online do not like to use their real names, and this privacy may be important to them. The complaint alleges, “Users may use pseudonyms and other anonymous usernames so that they may express themselves and their opinions without fear of retaliation, embarrassment, or other repercussions from their employer(s), colleagues, acquaintances, neighbors or government.”

The exposure of supposedly anonymous user names in combination with email addresses and phone numbers may allow cybercriminals to link the supposedly anonymous accounts and tweets with a real identity, the complaint alleges—for example, through an email address that includes all or a portion of the user’s real name.

Twitter has not admitted to the depth of the problem with this exposure, the complaint claims, quoting the company as saying, about the API problem, “When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability.” According to the complaint, Twitter has not even contacted the victims of the exposure.

According to the complaint, Twitter was previously in trouble with the Federal Trade Commission (FTC) about alleged misrepresentations of its consumer privacy protections and entered into a consent order with the FTC in 2011.

The complaint quotes the consent order as saying that Twitter “shall not misrepresent … the extent to which [Twitter] maintains and protects the security, privacy, confidentiality, or integrity of any nonpublic consumer information, including … misrepresentations related to its security measures to: (a) prevent unauthorized access to nonpublic consumer information; or (b) to honor the privacy choices exercised by users.”

According to the complaint, the exposure included the information of 200 million users. The complaint claims, “Because of the anonymized, pseudo-anonymized and confidential nature of Twitter … these Twitter users were not only misled by Twitter into thinking that they would remain publicly anonymous if they chose to do so, but that the PII underpinning their accounts would also remain safely guarded by Twitter.”

Article Type: Lawsuit
Topic: Privacy
Tags: Exposing Private Information, Sharing Personal Information with Third Parties, Your Privacy