Parts of Twitter’s source code were posted online via GitHub—and the company appears to have taken months to notice and ask for it to be removed, according to legal filings obtained by the New York Times.
The “rare and major exposure of intellectual property” resulted in Twitter submitting a takedown notice to GitHub on March 24, the Times wrote, and GitHub subsequently removed the code. A partially redacted version of the takedown notice posted to GitHub’s repository of requests identified the GitHub user who uploaded the code as using the handle “FreeSpeechEnthusiast,” a possible reference to Twitter owner Elon Musk, who throughout his troubled term at the helm of the company has referred to himself as a “free speech absolutist.”
The user in question contributed to a single repository in January, indicating the source code had been available for weeks. The timeline roughly matches one of the several rounds of layoffs at Twitter since Musk bought out the site for $44 billion and sought to rapidly cut costs.
It’s not clear exactly what source code—or how much of it—was in the repository. A company’s proprietary source code is usually a closely held trade secret, and for good reason: The code could be useful not only to competitors, but threat actors eager to look for vulnerabilities, which could lead to big paydays.
Twitter responded to IT Brew’s request for comment with its auto reply, which is a poop emoji.
Twitter is launching a manhunt of sorts for the as-yet-anonymous user behind the repository and has proposed a subpoena requiring GitHub to hand over data pertaining to them and anyone who accessed it, including names, addresses, contact information, and IP addresses. The most obvious candidate for a culprit would be a disgruntled ex-employee who had access to the code; as the Times reported, Musk has barred employees and engineers from making source code changes during layoffs.
Insider threats can be a huge problem, whether it’s sabotage, leaks, or an ex-employee attempting to take proprietary materials with them to their next job. A Q3 2022 report from the risk-advisory firm Kroll found that insider threats constituted “nearly 35% of all unauthorized-access threat incidents” handled by the company. However, locking down access to sensitive data can also undermine creativity and collaboration in the workplace.—TM