Internal source code and data belonging to The New York Times were leaked on the infamous 4chan message board in January 2024.
The stolen information, amounting to a staggering 273GB, was allegedly taken from the company’s GitHub repositories.
“Basically all source code belonging to The New York Times Company, 270GB,” reads the 4chan forum post.
“There are around 5 thousand repos (out of them less than 30 are additionally encrypted I think), 3.6 million files total, uncompressed tar.”
Details of the Breach
The leaked data, as verified by BleepingComputer, was shared by an anonymous user who posted a torrent to a massive archive containing the stolen information. This archive allegedly holds nearly all of The New York Times’ source code, encompassing approximately 5,000 repositories and 3.6 million files.
A ‘readme’ file within the archive reveals that the perpetrator exploited an exposed GitHub token to gain access to the company’s repositories and exfiltrate the data. The New York Times confirmed the breach to BleepingComputer, stating that it occurred in January 2024 due to inadvertently exposed credentials for a cloud-based third-party code platform, later confirmed to be GitHub.
The company said that the breach of its GitHub account did not affect its internal corporate systems and had no impact on its operations.
Bijay Pokharel
Related posts
Recent Posts
Subscribe
Cybersecurity Newsletter
You have Successfully Subscribed!
Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox. You are also consenting to our Privacy Policy and Terms of Use.