Twitter Source Code Leaked on Public GitHub Repository

The popular social media platform Twitter is actively searching for the person responsible for a recent data leak and any other individuals who became involved in the incident by downloading the data.

A GitHub user publicly exposed a part of the platform’s proprietary source code and internal tools for approximately three months before Twitter issued a takedown request with DMCA on March 24. GitHub subsequently complied with the notice and took down the relevant repository on Friday.

Twitter executives and security researchers suspect an insider threat may have caused the leak, possibly an employee who departed the company after Elon Musk’s acquisition.

How Can the Leak Affect Twitter?

The source code was posted on a “PublicSpace” repository by a user named “FreeSpeechEnthusiast,” which appears to reference Elon Musk’s Twitter comments on censorship.

Before its removal, the PublicSpace repository contained four folders, including “auth” and “aws-dal-reg-svc,” which suggest their contents.

Source code repositories often contain sample data, test cases, software configurations, and sensitive personal and authentication information. Some source codes may even include sensitive information in cleartext, posing significant risks if obtained by threat actors. Companies should avoid storing such sensitive data in cleartext format in their code as a precautionary measure.

Because it can reveal software vulnerabilities that attackers can exploit, proprietary source code is considered the most sensitive and confidential information.

Are There Reports of Exploitation?

It is unclear how many people have accessed the leaked data or if it has been exploited in any way.

Twitter is working to determine who is responsible for the leak and assess the data exposure’s potential impact. To aid their investigation, Twitter filed a court request asking GitHub to disclose usernames, telephone numbers, addresses, social media profiles, IP addresses, and email addresses connected to the incident.

Recent Data Leaks of Twitter

Twitter has experienced several data leaks in the past six months, including the leak of 5.4 million users’ private information in July 2022, which resulted from a flawed API. 

The incident sparked the attention of threat actors on the dark web, as evidenced by another data leak in December that compromised the information of 400 million users and the recycled leak in January.

Threat actors shared these previous leaks mainly across the now-taken-down hacker forum, BreachForums.

How Can SOCRadar Help?

As the backbone of your organization’s software applications, your source code represents your proprietary intellectual property, and any compromise in its security can have dire consequences.

SOCRadar monitors public code repositories such as GitHub and GitLab to identify exposed resources and alarm you, allowing you to act fast and mitigate any potential threats. By proactively monitoring your code repositories, you can protect your assets from source code leakage.