Clearly they did not transfer only US users but for sure EU users data. I guess HN here too? This would violate GDPR especially Art. 48. Companies can have fines up to 4% global revenue and mass collective damages claims in EU courts. Best fill in the Netherlands and or Ireland.
Coordinate with EU GDPR actions and U.S. discovery rules, that are the strongest in the world. Get the internal emails...Millions to be earned...
For US users you are out of luck. The US is the country of loopholes, and although these subpoenas were not from a judge, several agencies can issue them, under multiple jurisdiction laws.