Fraud Management & Cybercrime , Standards, Regulations & Compliance
Twitter Says Source Code Leaked on GitHub, Files SubpoenaSearch Is On by Twitter for GitHub User 'FreeSpeechEnthusiast'
Twitter is taking legal action after disclosing that an unknown user leaked parts of its source code on the open-source code collaboration platform GitHub.
See Also: LIVE Webinar | Hackers Don't Back Down, So You Need to Back Up: Data Security's Hardest Truths
The social media giant on Monday requested a subpoena from the U.S. District Court for the Northern District of California asking GitHub to provide additional details about a user with the handle "FreeSpeechEnthusiast."
GitHub took down the proprietary source code for Twitter's platform and internal tools last Friday after Twitter reported the intellectual property infringement issue to the code platform company under the Digital Millennium Copyright Act.
The user account named in the court documents remains active on the platform. Records show that it was created in January and the code likely remained exposed for months.
Twitter petitioned to the court to seek all identifying information from GitHub, including names, addresses, telephone numbers, email addresses, social media profile data and IP addresses of the users associated with FreeSpeechEnthusiast and anyone who posted, uploaded, downloaded or modified the data in the now-disabled repository.
Neither Twitter nor GitHub responded to Information Security Media Group's request for additional details on when and how the leak was identified and if it compromised Twitter security.
The New York Times reported that Twitter's investigation into the leak revealed that the GitHub user or users left the San Francisco-based company last year, but it did not say whether the user was a disgruntled ex-employee of Twitter who might have posted the code out of revenge.
Since his $44 billion buyout of Twitter in October 2022, Elon Musk has fired nearly half of Twitter's workforce at the time, citing declining revenues and business strategy realignment. Earlier in 2022, Twitter fired its head of security, Peiter Zatko, who subsequently testified before Congress as a whistleblower about the company's lax security practices (see: Twitter: Head of Security Reportedly Fired; CISO to Leave).
Twitter Moving to Open-Source Code
The news of the source code leak comes days before Twitter is scheduled to release its recommended-tweets code for open-source inspection on Friday, according to a tweet by Musk on March 17.
"Our 'algorithm' is overly complex and not fully understood internally. People will discover many silly things, but we'll patch issues as soon as they're found!" Musk assured.
The company is instead developing a simplified approach, which is a work in progress, he said. "That'll also be open source. Providing code transparency will be incredibly embarrassing at first, but it should lead to rapid improvement in recommendation quality."
In February, Musk announced that Twitter would make its algorithm "open source" and improve it "rapidly." Musk said the change was supposed to happen within a week, but no details about the schedule have since been released by Musk or Twitter.