The microblogging site Twitter has taken down internal source code for its platform and tools that was leaked on GitHub for months.
According to a report from The New York Times, it is unclear when the code was leaked, but the publication says that “it appeared to have been public for at least several months.”
As a solution for the copyright infringement, Twitter indicated that GitHub should provide info about the access history for the leak, likely to determine who downloaded or copied the code.
“Please preserve and provide copies of any related upload/download / access history (and any contact info, IP addresses, or other session info related to same), and any associated logs related to this repo or any forks thereof, before removing all the infringing content from Github,” reads the Twitter DMCA notice to GitHub.
The leaker’s GitHub account is still active but no longer has any public repositories. However, its past activity shows that the user’s first contribution (e.g., committing to a repo or opening an issue/discussion) was on January 3.
Twitter is now attempting to use a subpoena to force GitHub to provide identifying information regarding the FreeSpeechEnthusiasm user and anyone who accessed and distributed the leaked Twitter source code, which would be used for further legal action.
“All identifying information, including the name(s), address(es), telephone number(s), email address(es), social media profile data, and IP address(es), for the user(s) associated with the following GitHub username: FreeSpeechEnthusiast. Please include all identifying information provided when this account was established, as well as all identifying information provided subsequently for billing or administrative purposes.
“All identifying information, including the name(s), address(es), telephone number(s), email address(es), social media profile data, and IP address(es), for the users who posted, uploaded, downloaded or modified the data at the following URL [FreeSpeechEnthusiasm’s public GitHub repo].”
It is unknown how many people accessed or downloaded Twitter’s leaked source code, but the leaker had few followers. Even so, the leak could have repercussions for Twitter as the code may be scrutinized to find potentially exploitable vulnerabilities.
(via: Bleepingcomputer)
