Twitter takes legal action after source code leaked online | Twitter | The Guardian

Twitter takes legal action after source code leaked online
Elon Musk-owned platform demands that GitHub identifies who posted parts of its code

Dan Milmo Global technology editor
Mon 27 Mar 2023 11.16 BST
Twitter has revealed some of its source code has been released online and the social media platform owned by Elon Musk is taking legal action to identify the leaker.

According to a court filing made on Friday, Twitter is demanding that GitHub, a code-sharing service, identifies who released on the platform parts of its source code – the underlying software on which the service operates.

GitHub has taken down the leaked code but Twitter has asked a US court to order the Microsoft-owned business to “identify the alleged infringer or infringers who posted Twitter’s source code on systems operated by GitHub without Twitter’s authorisation”.

Elon Musk.
Elon Musk memo suggests Twitter worth less than half of what he paid for it
Read more
The code was posted online by a GitHub user who used the name FreeSpeechEnthusiast, in an apparent nod to Musk, referring to himself as a “free speech absolutist.”

Musk is obsessed with the threat of Twitter being sabotaged by current and former staff, according to the tech newsletter Platformer, after a takeover that led to the immediate firing of half of Twitter’s 7,500 staff and the reinstatement of formerly suspended rightwing accounts including that of Donald Trump. Twitter’s workforce now numbers fewer than 2,000 people.

In the court filing, Twitter’s assistant general counsel, Julian Moore, said the request to identify the leaker was being made under the Digital Millennium Copyright Act, which came into force in 1998.

Leaking source code could allow security vulnerabilities, according to one expert.

“Leaks of source code like this can allow security vulnerabilities to be identified and may disclose sensitive commercial information,” Steven Murdoch, a professor of security engineering at University College London, said. “However, Twitter’s most valuable resources are its brand, customer base, and the skills of its employees. I would be surprised if this leak has any significant long-term effect on the company.”

Twitter’s cybersecurity setup was strongly criticised by a whistleblower before Musk completed his takeover. Twitter’s former head of security, Peiter “Mudge” Zatko, who was fired in January 2022, claimed he had uncovered “extreme, egregious deficiencies by Twitter in every area of his mandate”, including weak controls of employee access to user data and interference by foreign governments.

The filing on Friday was made as Musk revealed to employees that the business he bought for $44bn (£36bn) in October is now worth less than half that, according to a memo seen by the New York Times. The memo said Twitter, which has debts of $13bn related to the financing of the takeover, had been four months away from running out of money. The platform, which makes most its revenue from advertising, has been hit by an advertiser boycott after Musk’s acquisition, amid concerns over issues including moderation standards and the impact of job cuts.

GitHub has been contacted for comment. A request for comment from Twitter’s press office was met with an automated reply containing a poo emoji, a new policy announced by Musk this month.