The Information Highway

The Information Highway

Font size: +
2 minutes reading time (335 words)

New York Times source code stolen using exposed GitHub token

 Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed.

As first seen by VX-Underground, the internal data was leaked on Thursday by an anonymous user who posted a torrent to a 273GB archive containing the stolen data.

"Basically, all source code belonging to The New York Times Company, 270GB," reads the 4chan forum post. 

"There are around 5 thousand repos (out of them less than 30 are additionally encrypted I think), 3.6 million files total, uncompressed tar."

Leak of New York Times source code on 4chan
Source: BleepingComputer

The threat actor shared a text file containing a complete list of the 6,223 folders stolen from the company's GitHub repository.

The folder names indicate that a wide variety of information was stolen, including IT documentation, infrastructure tools, and source code, allegedly including the viral Wordle game.

A 'readme' file in the archive states that the threat actor used an exposed GitHub token to access the company's repositories and steal the data.

In a statement, The Times said the breach occurred in January 2024 after credentials for a cloud-based third-party code platform were exposed. A subsequent email confirmed this code platform was GitHub.

The company said that the breach of its GitHub account did not affect its internal corporate systems and had no impact on its operations.

The Times leak is the second one published to 4chan this week, with the first being a leak of 415MB of stolen internal documents for Disney's Club Penguin game.

Sources report that the Club Penguin leak was part of a more significant breach of Disney's Confluence server, where the threat actors stole 2.5 GB of internal corporate data.

It is not known if it was the same person who conducted the New York Times and Disney breaches.

Critical VBEM vulnerability
LastPass says 12-hour outage caused by bad Chrome ...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Saturday, 28 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023