Twitter Says Parts of Its Source Code Were Leaked Online
The leak adds to the challenges facing the Elon
Musk-owned company, which is trying to identify the person responsible and any
other people who downloaded the code.
By Ryan Mac
and Kate Conger
March 26,
2023
https://www.nytimes.com/2023/03/26/technology/twitter-source-code-leak.html
Parts of
Twitter’s source code, the underlying computer code on which the social network
runs, were leaked online, according to a legal filing, a rare and major
exposure of intellectual property as the company struggles to reduce technical
issues and reverse its business fortunes under Elon Musk.
Twitter
moved on Friday to have the leaked code taken down by sending a copyright
infringement notice to GitHub, an online collaboration platform for software
developers where the code was posted, according to the filing. GitHub complied
and took down the code that day. It was unclear how long the leaked code had
been online, but it appeared to have been public for at least several months.
Twitter
also asked the U.S. District Court for the Northern District of California to
order GitHub to identify the person who shared the code and any other
individuals who downloaded it, according to the filing.
Twitter
began an investigation into the leak and executives handling the matter have
surmised that whoever was responsible left the San Francisco-based company last
year, two people briefed on the internal investigation said. Since Mr. Musk
bought Twitter in October for $44 billion, about 75 percent of the company’s
7,500 employees have been laid off or resigned.
The
executives were only recently made aware of the source code leak, the people
briefed on the internal investigation said. One concern is that the code
includes security vulnerabilities that could give hackers or other motivated
parties the means to extract user data or take down the site, they said.
.
The exposed
source code adds to the challenges facing Mr. Musk’s Twitter. Technology
companies often view such code as a closely held secret and do not share it for
fear that it could give competitors an unfair advantage or reveal security
vulnerabilities.
But even as
tech companies strive to protect their code bases, they have become ripe
targets for opportunists, hackers and others. Last year, a hacking group
successfully stole source code from Microsoft and other major companies. And in
2020, Anthony Levandowski, a star engineer of self-driving cars, was sentenced
to 18 months in prison for stealing code from Google as he prepared to start a
new job. (Mr. Levandowski was later pardoned by then-President Donald J.
Trump.)
The public
posting of Twitter’s code is “concerning,” said Brett Callow, a threat analyst
at Emsisoft, a cybersecurity software company. “It does make it a little bit
easier and speedier to probe for vulnerabilities.”
For
Twitter, the leak also comes on top of mounting structural and financial
challenges. Mr. Musk has been trying to turn around the social network over the
past few months by slashing costs, trying out new features and welcoming back
previously banned users. But outages of the service have increased, while
advertisers — the main source of revenue for the company — have been skittish
about running ads on the site.
The turmoil
has caused financial damage. On Friday, Mr. Musk told employees in an email
that Twitter was worth roughly $20 billion, down more than 50 percent from what
he paid for it. He said “radical changes” at the company, including mass
layoffs and cost cutting, were necessary to avoid bankruptcy and streamline
operations.
“Twitter is
being reshaped rapidly,” Mr. Musk wrote in the email seen by The New York
Times. He added that the company could be thought of as “an inverse start-up”
and that he believed Twitter could someday be worth $250 billion.
Mr. Musk
did not respond to a request for comment about Twitter’s leaked code. GitHub
declined to comment on the decision to remove the code, but posted Twitter’s
takedown request on its website.
The leak
comes as Mr. Musk has promised to make some of Twitter’s code public. This
month, the billionaire said he would make the code that Twitter uses to
recommend tweets publicly available by the end of March, so that it could be
reviewed by anyone and scrutinized for possible flaws. The process could help
Twitter’s code become more secure, as people identified and reported problems
with it.
At the same
time, Mr. Musk has worried about the possibility of leaks and theft by
disgruntled former employees during his mass layoffs. In November, he locked
Twitter’s offices and asked employees not to come in while cuts were being
made. Over the last few months, Twitter has also prevented engineers from
making changes to the site’s code ahead of layoffs for fear that someone would
sabotage the platform on the way out the door.
“One of the
best ways to mitigate insider risk is to keep your employees happy and that
certainly hasn’t been the case at Twitter,” Mr. Callow said.
The person
who leaked Twitter’s source code appeared to go by the name
“FreeSpeechEnthusiast” on GitHub, according to Twitter’s legal filing. The
user’s pseudonym appears to be a reference to Mr. Musk, who has referred to
himself as a “free speech absolutist.”
The GitHub
profile for the anonymous user shows a single contribution to the platform in
early January. The profile remains online.
Jack Begg
contributed research.
Ryan Mac is
a technology reporter focused on corporate accountability across the global
tech industry. He won a 2020 George Polk award for his coverage of Facebook and
is based in Los Angeles. @RMac18
Kate Conger is a technology reporter in San Francisco, where she covers Twitter. @kateconge
Sem comentários:
Enviar um comentário