New York Times Source Code Stolen in Major GitHub Breach, In a significant cybersecurity incident, internal source code and data belonging to The New York Times were leaked on the 4chan message board. The breach, confirmed by The Times to BleepingComputer, involved data stolen from the company’s GitHub repositories in January 2024.
Details of the New York Times Source Code Stolen
The leak was first reported by VX-Underground, revealing that an anonymous user posted a torrent link to a 273GB archive containing the stolen data. The 4chan post claimed, “Basically all source code belonging to The New York Times Company, 270GB.” Although BleepingComputer did not download the archive, the threat actor provided a text file listing 6,223 folders stolen from the company’s GitHub repository.
The stolen data appears to encompass a wide range of information, including IT documentation, infrastructure tools, and source code. Notably, the breach allegedly included the source code for the viral Wordle game. A ‘readme’ file in the archive indicated that the threat actor exploited an exposed GitHub token to access and steal the data.
In a statement to BleepingComputer, The New York Times confirmed that the breach occurred due to exposed credentials for a cloud-based third-party code platform, which was later identified as GitHub. The company reassured that the breach did not affect its internal corporate systems and had no impact on its operations.
A Week of High-Profile Leaks
The New York Times source code stolen breach is the second major leak on 4chan within a week. Earlier, 415MB of internal documents from Disney’s Club Penguin game were leaked, stemming from a significant breach of Disney’s Confluence server. In that incident, threat actors stole 2.5GB of internal corporate data. It remains unclear if the same individual was responsible for both breaches.
The New York Times is likely to enhance its security protocols in response to this GitHub breach, focusing on securing access tokens and implementing stricter access controls. Companies are increasingly vulnerable to such breaches due to the widespread use of cloud-based repositories and the potential for human error in handling sensitive credentials.
The Growing Threat of Data Breaches
This incident highlights the growing threat of data breaches and the importance of robust cybersecurity measures. Companies must prioritize securing their code repositories and ensure that access tokens and credentials are managed with the highest level of security. As cyber threats continue to evolve, organizations need to stay vigilant and proactive in protecting their data assets.
The breach of The New York Times’ GitHub repository serves as a stark reminder of the vulnerabilities inherent in modern digital infrastructures. While the company has assured that its operations remain unaffected, the leak of critical internal data underscores the necessity for enhanced security measures. As investigations continue, this incident will likely prompt other organizations to reassess their cybersecurity strategies to prevent similar breaches in the future.
More Updates: Tech News