Twitter Source Code Leaks on GitHub Developer Platform

The company's intellectual property leak is discovered in the wake of massive layoffs and staff resignations. Twitter tells the New York Times the culprit is likely an employee who left the company last year.

Brian T. Horowitz, Contributing Reporter

March 28, 2023

3 Min Read
In this photo illustration GitHub logo is seen displayed on a smartphone
Igor Golovnov via Alamy Stock

An anonymous individual has leaked parts of Twitter’s source code on GitHub, the Microsoft-owned open-source development platform, according to The New York Times.

Twitter requested a subpoena from the US District Court in the Northern District of California on Friday, March 24, to ask that GitHub reveal who shared the code as well as other users who downloaded the intellectual property, the filing stated.

Friday, Twitter submitted a Digital Millennium Copyright Act (DMCA) request to GitHub notifying the service of the copyright infringement. Passed in 1998, the DMCA established a notice-and-takedown system for copyright owners to notify online service providers about infringing material that should be taken down.

GitHub has since removed the code. A page on the profile of user FreeSpeechEnthusiast stated, “This repository is currently disabled due to a DMCA takedown notice. We have disabled public access to the repository.”

The user’s name refers to Elon Musk’s call for Twitter to be “free speech-first.” The social media platform’s owner and CEO discussed his views on free speech at the TED2022 conference last April.

“Is someone you don't like allowed to say something you don't like? If that is the case, then we have free speech,” Musk said, Axios reported at the time. “It's damn annoying, but that is the sign of a healthy, functioning free speech situation.”

In the onstage interview with journalist Chris Anderson, Musk had also called for Twitter’s ranking algorithm to be published on GitHub.

In response to Twitter’s code being published on the platform, a GitHub spokesperson responded with the following statement to InformationWeek:

“GitHub does not generally comment on decisions to remove content. However, in the interest of transparency, we share every DMCA takedown request publicly.” The representative directed us to the takedown request.

Meanwhile, Twitter’s official press address responded with its now-famous auto-generated poop emoji.

IP Leak Follows Layoffs, Resignations

The leak follows a series of layoffs at Twitter that purged more than half of its staff, from executives to engineers. About 75% of Twitter’s 7,500 employees quit or were laid off, according to The New York Times. A Twitter internal investigation revealed that the person responsible for the leak likely left Twitter last year, the Times reported, citing two people briefed on the internal investigation.

The executives also expressed concern about the hackers compromising Twitter by extracting user data or crashing the site, the Times reported.

Since Musk took over, Twitter has also suffered some outages. Thousands of Twitter users were unable to access links from the social media platform as well as other sites on March 6. Musk attributed the outage to a change to Twitter’s data-access tool, according to Reuters.

“A small API change had massive ramifications. The code stack is extremely brittle for no good reason,” Musk tweeted. “Will ultimately need a complete rewrite.”

Source Code Leaks Have Impacted Google, Microsoft in Recent Years

Twitter is not the only company to suffer a leak of intellectual property online. Source code for Microsoft’s Bing search engine and virtual assistant Cortana have been leaked. Hacking group Lapsus$ took credit, according to Bloomberg.

Meanwhile, password management service LastPass also reported source code and technical information stolen in August 2022.

“While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service,” LastPass CEO Karim Toubba wrote in a blog post.

In 2020, a self-driving car engineer Anthony Levandowski received an 18-month prison sentence for stealing code for Google. However, he received a pardon from President Donald Trump in January 2021.

What to Read Next:

What Just Broke?: Twitter to Charge for Basic API Access

What Happens if Microservices Vanish -- for Better or for Worse

Could Elon Musk’s Staff Purge Create a ‘Twitter Mafia?’

About the Author(s)

Brian T. Horowitz

Contributing Reporter

Brian T. Horowitz is a technology writer and editor based in New York City. He started his career at Computer Shopper in 1996 when the magazine was more than 900 pages per month. Since then, his work has appeared in outlets that include eWEEK, Fast Company, Fierce Healthcare, Forbes, Health Data Management, IEEE Spectrum, Men’s Fitness, PCMag, Scientific American and USA Weekend. Brian is a graduate of Hofstra University. Follow him on Twitter: @bthorowitz.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights