Overview

The Twitter API Leak, also known as X Protected Users Leak or X Application Programming Interface Leak, is a leaked screenshot allegedly showing a section of X / Twitter's code that purportedly allows certain users and accounts to break the site's Terms of Service without consequence. The leak was released on a Discord server in July 2024 and subsequently posted to X by user @The AntifaTurtle, who was purportedly suspended after leaking the screenshot. This suspension led many to believe that the leak was legitimate and being covered up by the site, although its veracity has not been confirmed. Notably, the listed "protected users" largely appeal to conservative and right-wing audiences, including the likes of Donald Trump, Libs Of TikTok, Andrew Tate and more, with Elon Musk (the platform's owner) also being listed. After the leak spread online in late July 2024, it was widely discussed and debated by users, with some believing its legitimacy while others claimed it was fake.

Background

On July 24th, 2024, now-suspended X^[1] user TheAntifaTurtle posted a screenshot of a block of code originally posted on a Discord server. The screenshot allegedly shows code from the backend of Twitter that whitelists specific users to break the Terms of Service without consequence. The code displays a list of slurs that these users are supposedly allowed to use. Accounts include those of Andrew Tate (@cobratate), Donald Trump and Libs Of TikTok, among others (shown below)

Developments

Purportedly, @TheAntifaTurtle's account was suspended shortly after leaking the code. On July 24th, 2024, the day of the leak, X^[2] user @brndxix shared the leak alongside an image showing alleged proof of the suspended account, writing, "the free speech demon strikes again," garnering over 126,000 likes in under a day (shown below). Notably, reposts of the leaked screenshot are marked as "manipulated media" by X.

Also on the day of the leak, a thread was started on ycombinator^[3] discussing the leak. User popcalc shared a link to a now-deleted X post by user @vxunderground claiming that the code was shared with them privately but they had to do more work to independently verify its validity (shown below).

Online Reactions

The leak inspired reactions across X and social media in general in late July 2024, with many reposting it. Speculation surrounding the suspension of the leaker's account also spread, along with discussions about all reposts of the leak being marked as "manipulated media" (example seen below).

On July 24th, 2024, X^[4] user @tippitytoptweet posted, "IN REAL TIME !!!! I SAW THE ACCOUNT SUSPENDED WITH MY OWN EYES!!!!" garnering over 263,000 likes in a day. Also on the 24th, X^[5] user @henrybadger19 posted a meme about the suspension of the account increasing their belief that the leak is real, garnering over 90,000 likes in a day (shown below).

On July 25th, CyberDaily^[6] and Dataconomy^[7] reported on the alleged leak.

Also on July 25th, 2024, X user @benedictgarman^[8] made a post claiming the leaked code about protected users on Twitter was fake and that an Okta spokesperson purportedly told them, "We can confirm that this is definitely an invalid url and we confirm the screenshot is fake." The tweet (seen below) received over 45,000 views, 380 likes and 190 reposts in two hours.

That same day, X user @RyanMcbeth^[9] posted a video explaining why they believed the leak to be inauthentic based on "a number of factors," adding a list of four reasons. The video (shown below) received over 45,000 views, 1,100 likes and 180 reposts in 12 hours.

I do not believe that the “Twitter API Leak” is authentic based on a number of factors:#1. Using a flat file would be unlikely.#2. Okta is an Authenticator not a whitelister.#3. It is unlikely the list would be public.#4. There is a misspelling in the list. pic.twitter.com/bGeTl8Y4ZF

— Ryan McBeth (@RyanMcbeth) July 25, 2024

Search Interest

External References