Twitter has removed internal source code for its platform and tools that has been leaked on GitHub for months. Now he is trying to use a subpoena to track down those who leaked and uploaded his code.
On Friday, GitHub complied with a DMCA infringement notice issued by Twitter because the leak exposed proprietary source code and internal tools, which could pose a security risk to Twitter.
According to the DMCA notice, the leak came from someone using the handle “FreeSpeechEnthusiast”, a clear reference to Elon Musk calling himself a free speech absolutist and suggesting it’s a disgruntled Twitter employee.
According to a report by The New York Timesit’s unclear when the code was leaked, but the post says “it appears to have been public for at least several months.”
As a solution to the copyright infringement, Twitter said GitHub should provide access history information to the leak, which could determine who downloaded or copied the code.
“Please retain and provide copies of any associated upload/download/access history (and any contact information, IP address, or other session information related thereto), and any associated logs related to this repository or to one of its forks, before removing all infringing content from Github,” reads the DMCA Twitter Notice at GitHub.
The leaker’s GitHub account is still active but no longer has any public repositories. However, his past activity shows that the first contribution (e.g. committing to a filing or opening an issue/discussion) was January 3.
Twitter is now trying to use a subpoena to force GitHub to provide identifying information regarding the FreeSpeechEnthusiasm user and anyone who accessed and distributed the leaked Twitter source code, which would be used for further legal action.
“All identifying information, including name(s), address(es), telephone number(s), email address(es), social media profile data and address IP(s), for user(s) associated with the following GitHub Username: FreeSpeechEnthusiast Please include all credentials provided when creating this account, as well as all subsequently provided for billing or administrative purposes.
“All identifying information, including name(s), address(es), telephone number(s), email address(es), social media profile data and address (s) IP, for users who have posted, uploaded, downloaded or modified data at the following URL [FreeSpeechEnthusiasm’s public GitHub repo].”
In a response to BleepingComputer, GitHub said it had nothing further to add, as it is the platform’s general policy not to comment on content removal decisions.
It’s unclear how many people accessed or downloaded Twitter’s leaked source code, but the leaker had few followers. Even so, the leak could have repercussions for Twitter as the code could be scrutinized for potentially exploitable vulnerabilities.
BleepingComputer has contacted Twitter with a request for comment on the above, but we have not received a significant answer again.
In February 2023, Twitter owner and CEO Elon Musk announcement that the company would open the platform’s algorithm soon, although a timeline has yet to be set.
On March 31, however, Twitter is expected to open the code used to recommend tweets, according to a message on Musk’s platform.