Twitter says source code was leaked on GitHub, now it’s trying to find the culprit
Illustration by Laura Normand / The VergeParts of Twitter’s source code were recently leaked online via GitHub, the New York Times reports, but were taken down after the social media platform filed a DMCA request. The request, which GitHub...
Parts of Twitter’s source code were recently leaked online via GitHub, the New York Times reports, but were taken down after the social media platform filed a DMCA request. The request, which GitHub has published online, notes that the leaked information included “proprietary source code for Twitter’s platform and internal tools.”
The NYT notes that the source code maybe have been public for several months before being removed — the GitHub profile associated with the DMCA takedown lists a single (non-public) code contribution from early January. The name of the account is listed as “FreeSpeechEnthusiast,” in an apparent reference to Twitter CEO Elon Musk calling himself a “free speech absolutist” in the past.
Twitter has asked for the names and IP addresses of anyone that downloaded the code
Proprietary source code is often among a company’s most closely held trade secrets. Making it public risks revealing its software’s vulnerabilities to would-be attackers, and can also give competitors an advantage by being able to see non-public internal workings. Source code has been a common target for hackers in the past, including in attacks on Microsoft, and the Cyberpunk 2077 developer CD Projekt Red.
As well as asking GitHub to take down the code, Twitter submitted a court filing in California in an attempt to find the person responsible, and to get information on any other GitHub users who may have downloaded the data. Bloomberg reports that the filing asked the court to order GitHub to reveal users’ names, addresses, telephone numbers, emails, social media profiles, and IP addresses.
A spokesperson for GitHub did not respond to questions about whether it would comply with Twitter’s request to supply identifying information, and an email sent to Twitter’s official press address received an auto-generated poop emoji in response. (Twitter’s press office was disbanded shortly after Musk’s acquisition.)
According to the NYT, Twitter executives suspect that an employee who left the company last year may be responsible for the leak. But that doesn’t exactly narrow things down given Musk laid off thousands of the company’s staff shortly after taking control of the social media network. Fears that departing employees might attempt to sabotage the business on their way out have reportedly led Twitter to implement code freezes ahead of layoffs.
News of the leaked source code comes just days before Twitter will supposedly open source “all code used to recommend tweets” on March 31st. But open-sourcing a recommendation algorithm like this (if it actually goes ahead this time), will likely reveal far less of the company’s proprietary code than the recent leak posted on GitHub.
Twitter has been through a turbulent time since its acquisition by Musk last year. The Tesla CEO, who paid $44 billion for Twitter last year but now says it’s worth just $20 billion, has been attempting to overhaul the social media network with an intense focus on cost-cutting and building out new revenue opportunities like its paid Twitter Blue subscriptions. But the core reliability of the service appears to have suffered as a result, with several outages and interruptions reported in recent months.