Twitter has taken down a GitHub listing in which a significant amount of the social media site’s source code was leaked, according to a legal filing on Friday obtained by The New York Times.
The leaked code appeared to have been available on GitHub for several months before Twitter sent a copyright infringement takedown notice on Friday. It included “proprietary source code for Twitter’s platform and internal tools,” according to the filing. The code has not been available on GitHub since then.
Identity of the person who posted Twitter’s code is unknown
The owner of the GitHub account that posted the code went by the handle “FreeSpeechEnthusiast.” Twitter has filed a request with the U.S. District Court for the Northern District of California to ask GitHub, which is owned by Microsoft, to reveal the identity of this person and anyone else who downloaded the code.
Executives involved in the matter speculate that the person who leaked the code may have been one of the employees laid off or who resigned last year, reported The New York Times. Many Twitter employees were let go or chose to leave when tech mogul Elon Musk bought the company in October 2022.
Leaked code could lead to more cybersecurity risk amid job cuts
Since Musk’s purchase, both Twitter’s revenue and adjusted earnings for the month fell about 40% year over year. About 80% of Twitter’s employees have been let go or moved to different companies of their own accord.
Twitter’s job cuts could open the social media giant up to cybersecurity threats. Depending on what the leaked code contains, it could offer an inside look into Twitter’s underpinnings. The main worry is that hackers could discover vulnerabilities in the source code, giving them the power to find out private information about Twitter users or take the site down from the inside.
“The alleged security incident will unlikely have any major impact on Twitter and its users, unless some critical parts of the code were actually exposed and misappropriated by cyber threat actors,” said Ilia Kolochenko, founder of ImmuniWeb and a member of Europol Data Protection Experts Network. “For instance, source code of business-critical APIs, which allow vetted third parties to remotely access sensitive data of Twitter users, can possibly expose critical security vulnerabilities that are undetectable from the outside.”
Twitter’s rewards vs. cybersecurity risks
Twitter is still one of the best options for social media, especially for communicating with other professionals in a space less formal than LinkedIn. The way Twitter shed employees under Musk’s management isn’t a great sign, though, as laid-off engineers could reveal hidden vulnerabilities afterward. Twitter is likely to feel the effects of the downsizing more as time goes on and downstream problems crop up.
Brett Callow, a threat analyst at cybersecurity company Emsisoft, told The New York Times the leak is “concerning.”
However, Kolochenko said the timing means it’s likely this particular leak won’t be the one to kick the legs out from under Twitter.
“The source code was probably not that sensitive if Twitter allegedly requested the removal only after several months [when] the code had been publicly accessible,” Kolochenko said. “Companies like Twitter usually have multiple solutions to continually monitor accidental or malicious exposure of sensitive data on GitHub and other code repositories, so they likely spotted the leak on the very same day when the code had become public.”
Musk plans to make recommendation algorithm open source
On March 17, Elon Musk tweeted a decision to make “all code used to recommend tweets” open source on March 31, so it seems possible that at least some of the leaked source code might wind up being publicly available.
“Our ‘algorithm’ is overly complex & not fully understood internally,” Musk wrote in the March 17 tweet. “People will discover many silly things.”