Parts of Twitter’s source code were leaked to GitHub “several months” ago, according to a legal filing uncovered by The New York Times. This leak raises some security concerns, as Twitter’s source code may contain vulnerabilities that hackers can exploit.
Update, 3/30/23: As reported by Gizmodo, the court has ordered GitHub to reveal identifying information for all IP addresses associated with “FreeSpeechEnthusiast,” the account that leaked Twitter source code.
The source code was removed from GitHub on March 24th at Twitter’s behest. In its takedown request, Twitter asks that GitHub “preserve and provide copies of” the code’s upload, download, and access history. This could help Twitter identify the leaker and (potentially) pursue anyone who downloaded the source code.
There’s no indication that GitHub has shared this user data with Twitter. That said, Twitter is asking the U.S. District Court for the Northern District of California to intervene—it wants to force GitHub to identify users involved in this leak. (An order has not been issued by the court, and as Engadget notes, the U.S. District Court refused to provide Raytheon with anonymous user data in 2022.)
Other details are unknown. We don’t know the scope of this source code leak, for example. But we know the username of the leaker—FreeSpeechEnthusiast. Presumably, this username is a reference to the recent Twitter acquisition, which was marked by Elon Musk’s “free speech absolutist” attitude. The FreeSpeechEnthusiast account is only responsible for one upload, which was made in January of this year.
Some journalists speculate that the leaker is a disgruntled Twitter employee (or a former employee). This is little more than a hunch. Yes, Elon Musk has fired (or lost) about 80% of Twitter’s employees. But we have no evidence of sabotage, so there’s no point in jumping to conclusions.
We should note that Musk wants to publish some of Twitter’s code. He recently promised to open source “all code used to recommend Tweets” by March 31st. We’re not sure how this leak will impact Musk’s plan, but the security concerns are quite clear. (I suggest that Twitter users enable 2FA—to be clear, SMS 2FA now requires Twitter Blue, but Twitter offers alternative 2FA methods to all users.)
Source: The New York Times