Twitter has taken down internal source code for its platform and tools that had been leaked on GitHub and was available there for months. Now it's using a subpoena to search for those who leaked and downloaded its code.

On Friday, GitHub complied with a DMCA infringement notice issued by Twitter because the leak exposed proprietary source code and internal tools, which could pose a security risk to Twitter.

According to the DMCA notice, the leak came from someone using the handle "FreeSpeechEnthusiast," a clear reference to Elon Musk calling himself a free speech absolutist, which suggests that the leaker is a disgruntled Twitter employee.

According to a report from The New York Times, it is unclear when the code was leaked, but the publication says that "it appeared to have been public for at least several months."

As a remedy for the copyright infringement, Twitter indicated that GitHub should provide information about the access history for the leak, likely to determine who downloaded or copied the code.

"Please preserve and provide copies of any related upload / download / access history (and any contact info, IP addresses, or other session info related to same), and any associated logs related to this repo or any forks thereof, before removing all the infringing content from Github," reads the Twitter DMCA notice to GitHub.

The leaker's GitHub account is still active but no longer has any public repositories. However, its past activity shows that the user's first contribution (e.g., committing to a repo or opening an issue/discussion) was on January 3.

Twitter is now attempting to use a subpoena to force GitHub to provide identifying information regarding the FreeSpeechEnthusiast user and anyone who accessed and distributed the leaked Twitter source code, which would be used for further legal action.

"All identifying information, including the name(s), address(es), telephone number(s), email address(es), social media profile data, and IP address(es), for the user(s) associated with the following GitHub username: FreeSpeechEnthusiast. Please include all identifying information provided when this account was established, as well as all identifying information provided subsequently for billing or administrative purposes.

"All identifying information, including the name(s), address(es), telephone number(s), email address(es), social media profile data, and IP address(es), for the users who posted, uploaded, downloaded or modified the data at the following URL [FreeSpeechEnthusiast's public GitHub repo]."

In a reply to BleepingComputer, GitHub said that they didn't have anything else to add, as it is the general policy of the platform not to comment on decisions to remove content.

It is unknown how many people accessed or downloaded Twitter's leaked source code, but the leaker had few followers. Even so, the leak could have repercussions for Twitter as the code may be scrutinized to find potentially exploitable vulnerabilities.

BleepingComputer has contacted Twitter with a request for a comment on the above, but we have not received a meaningful response yet.

In February 2023, Twitter's owner and CEO, Elon Musk, announced that the company would open source the platform's algorithm soon, although a timeline has yet to be defined.

On March 31, though, Twitter is expected to open source the code used for recommending tweets, according to a message on the platform from Musk.
