Application security, Supply chain, Compliance Management

Twitter moves to squash leak of source code, petitions court to identify leaker

Twitter bird seen on its headquarters

GitHub removed leaked source code from Twitter and disabled a user's account after the social media platform filed a copyright infringement request and petitioned a district court on copyright grounds.

According to court documents filed Friday in the United States District Court of Northern California, parts of Twitter's proprietary source code and internal tools — the base programming that underpins the social network’s site — was leaked on GitHub, one of the largest open-source communities owned by Microsoft.  

GitHub removed leaked source code from Twitter’s on Friday after the social Media giant filed the copyright infringement request. As part of the takedown request, Twitter also asked the court to order GitHub to find the person responsible under the name FreeSpeechEnthusiast and the users who downloaded the leaked code.  

“The to identify the alleged infringer or infringers who posted Twitter’s source code on systems operated by GitHub without Twitter’s authorization, which postings infringe copyrights held by Twitter,” Julian Moore, director and associate general counsel at Twitter, wrote in a declaration submitted to the court.  

Attached to the filing were details of an email thread Mar. 24 between Moore and GitHub submitted via GitHub’s online copyright infringement form. In the exchange, Moore also asked GitHub to preserve and provide copies of any relevant information related to the account “FreeSpeechEnthusiast,” including its upload, download, access history, contact information, and IP addresses. The account has since been suspended.  

Proprietary source code often is considered sensitive information that, if leaked, could allow bad actors to identify latent vulnerabilities that could be exploited by hackers, or harm the company's business operation, reputation or competitive advantage. 

A GitHub spokesperson told SC Media on Monday that the platform does not generally comment on decisions to remove content, but in the interest of transparency for the case, GitHub shared Twitter’s DMCA takedown request publicly on the platform.  

GitHub declined to comment on further details of the incident, including more information about FreeSpeechEnthusiast, how long the code has been published, and whether users have downloaded it.  

According to the New York Times’ report over the weekend, the code may have been public for at least several months before being removed. 

The NYT also reported that Twitter’s executives suspect that the perpetrator could be an employee who left the company last year. Following Elon Musk’s takeover last year, Twitter laid off thousands of employees across the company, including those on engineering and product teams.  

The incident came just days before Twitter was set to make all code used to recommend tweets open source on March 31. Elon Musk made the announcement on March 17.  

SC Media reached out to Twitter but received a poop emoji in response, an automated messsage the company now sends for all emailed press requests.   

Tim Mackey, principle security strategist at Synopsys Cybersecurity Research Center said that organizations who decide to make an existing open source "has more work to do than simply making the source code available in GitHub."

"[making code open source] takes time. So while Twitter might have a target deadline, if that deadline comes and goes due to due diligence effort, the software community who is waiting on the Twitter source code is better served as a result of diligence delay," he said.

This is not the first time a tech company’s source code has been leaked online. A year ago, the hacking group Lapsus$ claimed responsibility for stolen code from Microsoft, Nvidia, Samsung, and other major companies. In August, password management company LastPass confirmed that hackers had stolen parts of its source code and proprietary technical information. In December, Uber’s source code was leaked on BreachForums as a part of a cyberattack. 

Menghan Xiao

Menghan Xiao is a cybersecurity reporter at SC Media, covering software supply chain security, workforce/business, and threat intelligence. Before SC Media, Xiao studied journalism at Northwestern University, where she received a merit-based scholarship from Medill and Jack Modzelewski Scholarship Fund.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.