Twitter files complaint against source code leak
Twitter has filed a legal complaint to take down parts of Twitter’s source code, which was leaked online and posted on the Microsoft-owned software repository GitHub.
GitHub agreed to immediately remove the content after Twitter sent over a copyright infringement notice, according to an NYT report.
The leak reportedly appeared to have been public for several months. Twitter also asked a federal court to force GitHub to provide information on who was behind the account which leaked the code. The leaker appeared to go by the name “FreeSpeechEnthusiast” on GitHub, Twitter’s legal filing reportedly said.
The internal probe into the leak determined whoever published the code left the company last year as executives handling the investigation were only recently made aware of the leak, NYT reported.
Source code leaks are usually caused by misconfiguration of software like Concurrent Versions System (CVS), a program that lets a code developer save and retrieve different development versions of source code or File transfer protocol (FTP), a way to download, upload, and transfer files from one location to another on the Internet and between computer systems. It allows people to get source files through exploits, software bugs, or employees that have access to the sources or part of them revealing the code in order to harm the company.
Musk, who bought the company for $44 billion in October slashed over 75% of Twitter's workforce and faced an exodus of advertisers since buying the platform in October last year.
He also told employees in an email that Twitter was now worth about $20 billion as he noted mass layoffs and cost-cutting efforts saved the company from bankruptcy, according to an NYT report.
Targeting of source codes is common in the tech industry. In March 2022, Microsoft was targeted by the Lapsus$ hacking group, which released a 9-gigabyte zip archive that contained source code for Microsoft’s Bing search, Bing Maps, and Cortana voice assistant.
Similarly, in October 2021, Twitch, an American live streaming service focused on interactive gaming owned by Amazon Web Services (AWS), suffered a data breach when a 125-GB torrent file was posted on a public message board. Attackers not only leaked Twitch’s source-code but also internal security protocols and the earning records of many top streamers. Other companies such as AWS, automaker Nissan, social media firm Snapchat and several others have experienced source code leaks in the last 2-3 years.
Experts believe that the repercussions of a leak extend far beyond the source code and can have serious ramifications on the security of a company and people using its applications. With access to source codes, hackers can easily find vulnerabilities and even manipulate them to carry out backdoor attacks.