The X API ‘Leak’ That Didn’t Really Happen

A screenshot claiming to show internal code from X began circulating on the social media platform Wednesday. The image, shared by a now-suspended user called “Anti-Fascist Turtle,” allegedly revealed a list of “protected users” who could violate X’s Terms of Service without consequences. The list included prominent right-wing figures like the Trump family and Andrew Tate and even allowed for the use of certain slurs.

oh my god the Twitter API leak that clearly shows Twitter has special protections for right wing accounts is 100% confirmed real pic.twitter.com/72pSZHDd73

— Viathan 🇵🇸🔆 (@VermilViathan) July 24, 2024

The supposed leak quickly gained traction among left-leaning users on X. Many viewed the sudden suspension of the account that shared the image as evidence of its authenticity. The leak appeared to confirm suspicions some users had about special treatment for certain accounts on the platform.

However, numerous cybersecurity experts and tech-savvy users have expressed skepticism about the leak’s legitimacy. Maia Arson Crimew, a well-known hacker and researcher, pointed out several inconsistencies in the alleged code. These include the non-existence of the URL where the code was supposedly found, the implausible implementation of protected users in a config file, and the list’s apparent design to provoke left-wing users.

as of right now i consider the info to be disinformation and given there does not appear to be a verifiable archive of the URL the data is claimed to be from i do not consider this information to be verifiable without comment from twitter

— typical maia crimew twiter account 2024 (@awawawhoami) July 24, 2024

Former Twitter employees also noted that the depicted moderation system doesn’t align with the platform’s actual practices, at least prior to Elon Musk’s acquisition of the platform.

can confirm at least while i was there that twitter made its own internal moderation tooling (they called it "agent tools" and they worked next to me, they were necessarily very secretive). don't know what it relied on but i only remember okta being used for sso

— d@nny "disc@" mcClanahan (@hipsterelectron) July 24, 2024

i did not know this person at twitter but this mastodon post was just boosted by another ex-tweep and it supports the hypothesis that okta is disjoint from moderation https://t.co/qmJbVAM4vl pic.twitter.com/6boc1vLJBH

— d@nny "disc@" mcClanahan (@hipsterelectron) July 25, 2024

Okta, the third-party verification service mentioned in the leak, has also officially weighed in. A spokesperson told journalist Benedict Garman, “We can confirm that this is definitely an invalid url and we confirm the screenshot is fake.”

This viral image purporting to be leaked Twitter/ X code stemming from the url "protected-users.twitter.okta[dot]com" is fake. An Okta spokesperson told me, "We can confirm that this is definitely an invalid url and we confirm the screenshot is fake." pic.twitter.com/na3v6Z7Nii

— Benedict Garman (@benedictgarman) July 25, 2024

The source of the alleged leak appears to be a chat room run by malware hosting service vx-underground. The group said it “was actually really hurtful” that the unverified information was shared publicly, suggesting it may have been leaked prematurely from internal discussions.

X has also labeled posts discussing the issue as “Manipulated media.”

We get links, stories, leaks, etc. all the time. We get tons of blatant lies, misinformation, exaggerated stories, etc. was actually really hurtful when someone leaked this. Broke my heart that someone in our close circle of friends would violate our trust

tl;dr sad boi hours

— vx-underground (@vxunderground) July 25, 2024

---

Information for this story was found via the sources and companies mentioned. The author has no securities or affiliations related to the organizations discussed. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.