
Twitter source code "accidentally exposed", GitHub delisted overnight: the leaker is suspected to be a fired employee

PHPz
2023-04-10 18:41:03

Large technology companies open-sourcing their code is nothing new, but Twitter's "passive open source" has become a hot topic in technology circles.

Recently, part of Twitter’s source code “accidentally” appeared on GitHub.

"It is unclear how long the leaked code has been posted online, but it appears to have been public for at least several months," The New York Times wrote in its report. Interestingly, Twitter executives appear to have only recently become aware of the leaked source code.


After discovering this, Twitter quickly submitted a DMCA (Digital Millennium Copyright Act) takedown notice. The DMCA takedown notice requires GitHub to provide the code committer's "upload/download/access history," contact information, IP address and any session information, as well as "related logs related to this repo or any fork."

GitHub disabled the repository on Friday but did not provide all the information Twitter was seeking.

Leaker’s identity guess: Fired former Twitter employee?

For a time, the identity of this "leaker" became the biggest mystery.

The username of the GitHub user who released the Twitter source code is "FreeSpeechEnthusiast", which may be a reference to Twitter CEO Musk, who once styled himself a "defender of free speech".


This username is extremely ironic.

The "FreeSpeechEnthusiast" profile shows that the user joined GitHub on January 3, 2023, and made their only code submission on the same day. Twitter's DMCA notice to GitHub describes the code as "proprietary source code for the Twitter platform and internal tools."

One speculation is that the leaker may be one of the 5,500 employees who left Twitter due to layoffs, firings or resignations after Musk acquired the company.

However, many fired employees simply did not have access to the specific source code that was leaked, so the scope of the investigation may be narrowed further. "Twitter began investigating the leaks, and executives working on the matter speculated that the person in charge of the project left the San Francisco-based company last year," the New York Times wrote, "two people with knowledge of the internal investigation said."

Musk said on March 17 that Twitter would open source "all the code used to recommend tweets" by March 31, but the leaked code may be far more sensitive.


Such a passive "open source" is obviously not what Twitter wants. The New York Times stated that Twitter executives were concerned that "the code contained security vulnerabilities that could give motivated parties the opportunity to extract user data or shut down the site."


Twitter: I want to get all the information about this person

On March 24, Twitter issued a takedown notice in response to the incident. GitHub disabled the repository less than an hour and a half after Twitter submitted the takedown notice.


DMCA Notice: https://github.com/github/dmca/blob/master/2023/03/2023-03-24-twitter.md

"The DMCA notice is directed to service provider GitHub," Twitter said. "GitHub operates this website, and the infringing party posted various excerpts of Twitter's source code. These postings infringed the copyright held by Twitter in these materials."

The notice also asked for further searches of the repositories where the Twitter source code was posted to identify any "users who posted, uploaded, downloaded or modified the data."

Foreign media outlet Ars Technica contacted GitHub about the DMCA notice. GitHub did not comment on Twitter's request for user identifying information or its attempt to obtain a subpoena. "GitHub does not typically comment on decisions to remove content. However, in the interest of transparency, we share each DMCA takedown request publicly," a GitHub spokesperson said.

Meanwhile, Twitter filed a petition with the Northern California District Court asking a federal court to issue a subpoena later in the day to help find the leaker.

It states that "all identifying information associated with the GitHub username 'FreeSpeechEnthusiast' is sought, including the user's name, address, phone number, email address, social media profile data and IP address" and also requires "all identifying information provided when establishing this account and all identifying information subsequently provided for billing or administrative purposes." Perhaps more worryingly for Twitter, the user had copies of the code that had not been uploaded to GitHub.

Public court documents contain email threads with GitHub.

Twitter has been in turmoil since Musk took over last year. He took drastic steps to cut costs at Twitter, including massive layoffs. The layoffs covered senior engineers, teams working on Twitter's back-end technology, and related personnel with "institutional knowledge." This resulted in significant glitches and instability on the Twitter platform, including a series of major outages. Musk also reportedly laid off about 5,000 contractors shortly after the acquisition.

In addition, Musk has relaunched a new subscription plan that includes “verification” as a benefit. Twitter has already made $11 million from the new service, according to analytics firm Sensor Tower.

I still remember that during last year's layoffs, Twitter made a lot of efforts to prevent such damage, such as freezing the code and locking employees' access cards, email, company credit cards, etc. before telling them they were fired. Now it seems that these measures were not very effective.


Statement:
This article is reproduced from 51cto.com. If there is any infringement, please contact admin@php.cn to have it deleted.