An alleged leak of internal code from the social media platform “X,” formerly known as Twitter, revealed safeguards given to right-wing accounts that allow them to violate the site’s rules without facing any penalties.
But while the “leak” sparked immediate backlash and outrage, many tech experts say the alleged code is not real.
On Wednesday, a screenshot called a “Twitter API leak” began circulating on X. The screenshot purportedly shows X’s “Okta configuration.”
Okta is a third-party site that handles user verification for the platform.
The account that shared the image was a now-suspended user named “Anti-Fascist Turtle,” who claimed that X has a list of users who do not have to comply with the platform’s terms of service.
“A new leak of the Twitter API reveals the existence of a group of ‘protected users’ who don’t face any punishment for violating the terms of service,” the user wrote. “It also includes a list of whitelisted slanderers,” the user said. “It’s also worth mentioning that all of the accounts listed are right-wing in nature.”
Oh, and the Twitter API leak clearly shows that Twitter is taking extra safeguards against right-wing accounts, verified to be 100% authentic pic.twitter.com/72pSZHDd73
— VermilViathan 🇵🇸🔆 (@VermilViathan) July 24, 2024
What is a Twitter API leak?
Users protected by the alleged code include members of the Trump family, including President Donald Trump, Eric Trump and Donald Trump Jr. Other protected users include Elon Musk, who owns X, far-right influencers Andrew Tate and Libs of TikTok, and even Russian government accounts.
The listed protected terms include very specific racial slurs, as well as the words “illegal” and “Mexican.”
This so-called leak quickly spread among left-leaning X users, who claimed that the sudden suspension of Anti-Fascist Turtle suggested the code was genuine.
“In case you missed it, Elon just removed @TheAntifaTurtle for calling out an API leak that exposed a list of users with exempt privileges that allow major right wing influencers to spout all kinds of slander and hate speech with impunity,” one user said. “Great site.”
Just in case you missed it, Elon just nuked @TheAntifaTurtle for making a callout on an API leak revealing a list of users with immunity, who are allowed to say any kind of slurs or hate speech without any consequences, all from major right wing influencers
Great site guys 👍👍 pic.twitter.com/L6WJqZxsPQ
— Sauda (@SaudaBTD6) July 24, 2024
The claim appears to have come from a user in a chat room run by malware-hosting service vx-underground. In a post on Thursday, vx-underground said the screenshots were discussed internally and then shared on social media, despite concerns that the leak was untrue.
“We receive links, stories, leaks, etc. all the time,” vx-underground wrote. “We receive a lot of outright lies, misinformation, exaggerated stories, etc. It really hurt when someone leaked this. We are heartbroken that one of our close friends has betrayed our trust. It is a sad time.”
We are constantly receiving links, stories, leaks, etc. We receive a lot of outright lies, misinformation, exaggerated stories, etc. It really hurt when someone leaked this. We were heartbroken that one of our close friends had betrayed our trust.
tl;dr Sad Boys Time
— vx-underground (@vxunderground) July 25, 2024
Technical experts weren’t convinced either: A number of users, including cybersecurity researcher and hacker Maia Arson Kreim, disputed the code’s validity.
In a post on X, Maia expressed doubt about the leak, claiming that “this seems like perfect fodder to create a fuss and make fun of the people who believe it.”
The URL where the code was allegedly found does not exist and has never been archived, and the list of protected users “seems so perfectly tuned to ‘provoke the left’ that it makes little sense to implement it in a config file,” Maia said.
The post also appears to be a blessing in disguise: Many accounts that shared the “leak” believe Tate has recently received special permission to use racist slurs, and claim that they’ve seen an increase in racist rhetoric on his page.
And suddenly, the evidence was there.
While sites like X have features that require manual moderation of high-profile accounts to protect them from mass reporting campaigns, those features are “only accessible through internal tools and are database flags of accounts, not lists,” Maia added.
While Maia said her analysis, like the leak itself, was merely speculation, she said, “I believe the burden of proof with any claim of this magnitude is on the person making the claim.”
“At this time, we believe this information is false and, given that we do not have a verifiable archive of the URL where this data purportedly comes from, we do not believe this information is verifiable without comment from Twitter,” she said.
Of course, both the original “leak” and my thread are mostly speculation, but I believe the burden of proof for such a large claim is on the party making it, and the manner in which this was made public (via screenshots circulated by unknown means) is unprofessional in any event.
— Typical Maia Crimiu Twitter account 2024 (@awawawhoami) July 24, 2024
In response to Maia’s comments, a former Twitter employee said that, at least before Musk’s acquisition, moderation was done through internal tools, not through Okta or whitelists as suggested in the alleged leak.
I can confirm that Twitter was building their own internal moderation tool, at least while I was there (they called it the “Agent Tool” and worked alongside me; it was necessarily very secretive). I don’t know what it relied on, but I do remember that it used Okta for SSO.
— d@nny “disc@” mcClanahan (@hipsterelectron) July 24, 2024
Other prominent users, including popular YouTuber and cybersecurity researcher Ryan McBeth, have also questioned Okta’s use in this way.
I don’t believe the “Twitter API leak” is real, based on several factors.
#1. You will probably never use flat files.
#2. Okta is an authenticator, not a whitelister.
#3. The list is unlikely to be made public.
#4. There is a spelling mistake in the listing. pic.twitter.com/bGeTl8Y4ZF
— Ryan McBeth (@RyanMcbeth) July 25, 2024
Okta also confirmed in a statement to journalist Benedict Gurman that the leak was fabricated.
“We can confirm that this is definitely an invalid URL and the screenshot is fake,” an Okta spokesperson said.
X has not publicly commented on the alleged leak, but the platform has tagged posts discussing the issue as “manipulated media.”
The tag has done little to quell the belief among some left-leaning users that the code is real, and that it’s a double fake created by Musk to hide a secret racism protocol.
However, at this time, the so-called Twitter API leak does not appear to be legitimate as no further verification has been conducted.