Data Security

X Gets Aggressive About Scraping on its Platform

Published: Aug. 08, 2023

Updated: Nov. 07, 2023

X Corp., the company formerly known as Twitter, has launched a multi-faceted attack on scraping of its platform, separately bringing three lawsuits against alleged scrapers of its site – John Does 1-4, Bright Data, Ltd., and Center for Countering Digital Hate (along with 50 scrapers) – including for taking its user data without authorization. Not only do these cases afford an opportunity for courts to provide more guidance around the applicability of various anti-scraping claims, but they also suggest a possible trend, especially among social media platforms, to seek legal recourse against scrapers that are allegedly benefiting financially from scraping their platforms. See, e.g., Meta’s blog post regarding its case against Voyager Labs.

X Corp. v. John Does 1-4

X Corp. filed suit against four unknown actors (identified by their IP addresses) for engaging in “widespread unlawful scraping of data from Twitter.” (In this complaint, the plaintiff is still referred to as “Twitter”). Although X Corp. asserts that it has various technical measures in place “to detect and disrupt entities from scraping its data,” it alleged that the scrapers’ requests:

  • Flooded Twitter’s sign-up page with automated requests;
  • Far exceeded what any single individual could send to a server in a given period;
  • Severely taxed Twitter’s servers and impaired the user experience for millions of users;
  • Harmed Twitter and compromised user data; and
  • Flagrantly ignored Twitter’s Terms of Service and the privacy preferences of Twitter users.

Despite language in the complaint describing defendants’ alleged violation of X Corp.’s terms and unauthorized access, X Corp. did not assert a breach of contract claim. Nor did it bring claims under the CFAA, equivalent state computer crimes laws, or common law conceptions of privacy.

Instead, X Corp. argued the defendants are liable for unjust enrichment because of the profits they earned through the unauthorized scraping of Twitter. Generally, to prevail on a claim of unjust enrichment, a plaintiff needs to show that the defendant was unjustly enriched at the plaintiff’s expense.

X Corp. v. Bright Data Ltd.

Soon after its lawsuit against the unknown scrapers, X Corp. sued Bright Data – a company that offers proxy networks, web scraping services, and datasets – for allegedly scraping and selling millions of records from X Corp.’s X platform in violation of its terms of service.

X Corp. specifically alleged that:

  • Bright Data induced and facilitated other X users to violate their own agreements with X Corp. by selling automated data-scraping tools and services that specifically target a wide range of X Corp. data;
  • Bright Data used elaborate technical measures to evade X Corp.’s anti-scraping technology, taxing the resources of X Corp.’s servers and hampering the user experience for legitimate X users; and
  • Bright Data is aware that its activities violate X Corp.’s Terms because the company and its executives are registered X account holders who have agreed to abide by the X terms.

X Corp. asserts claims for breach of contract (for violating X Corp.’s term of service), tortious interference with contract (by inducing other users to breach their contracts with X Corp.), and unjust enrichment (for profiting from scaping X data).

Relying on Bright Data’s own website and marketing copy, X Corp. highlighted in its complaint that Bright Data offers to sell millions of pages and tens of millions of data points. X Corp. also notes that in addition to Bright Data’s web scraper tool, the defendant advertises that it sells four tools specifically aimed at scraping the X platform.

Earlier this year, Meta sued Bright Data for scraping Facebook and Instagram in violation of Meta’s terms of service. In the complaint, Meta alleged that Bright Data was also unlawfully scraping Twitter, Amazon, Airbnb, LinkedIn, Etsy, and Bing.

Bright Data moved to dismiss Meta’s complaint in March 2023 on the basis that its scraping tools are “limited contractually and by design” to capture publicly available information and run “separately and independently from any Meta user account.” Currently, Bright Data and Meta are each moving for summary judgment, with a hearing scheduled in a few months.

X Corp. v. Center for Countering Digital Hate (CCDH)

X sued non-profit organization, Center for Countering Digital Hate (CCDH), and approximately 50 unnamed scrapers claiming that they scraped X data and have “embarked on a scare campaign to drive away advertisers from the X platform.”

In its complaint, X alleged the following causes of action:

  • Breach of contract – CCDH is allegedly a registered user of X and scraped data on the platform in violation of X’s terms;
  • Computer Fraud and Abuse Act — CCDH “convinced an unknown third party – in violation of that party’s contractual obligations – to improperly share login credentials to a secured database….” Using those credentials, on multiple occasions, CCDH allegedly accessed content on those systems without authorization.
  • Intentional interference with contractual relations and Inducing breach of contract – These two claims are based on CCDH’s alleged interactions with Brandwatch, a third-party provider that allows users to monitor brands on social media. X claims that CCDH gained unauthorized access to X data through Brandwatch, which CCDH knew would have caused Brandwatch to violate its agreement with X.

We will continue to monitor these cases, how the courts analyze them, and what they suggest about considerations for scraping activities.