Over 270 GB of confidential data is available for anyone to download.
The source code and internal data of the American edition of The New York Times were recently leaked to the 4chan image board after theft from the company's GitHub repositories in January 2024.
The data leak was first noticed by the VX-Underground team. Last Thursday, June 6, a torrent with a 273 GB archive containing stolen data was published on an anonymous forum.
"Virtually all of The New York Times' source code, 270 GB," reads a forum post. "There are about 5,000 repositories in the archive, of which less than 30 are additionally encrypted, with a total of 3.6 million uncompressed files." Additionally, the attackers provided a text file with a complete list of 6223 folders stolen from the company's GitHub repository.
The contents of the folders indicate the theft of a wide range of information, including IT documentation, infrastructure tools, and source code, including the popular Wordle game. The "readme" file in the archive claims that attackers used an open GitHub token to access the company's repositories and steal data.
The publication itself stated that the leak occurred in January 2024 after credentials for a third-party code cloud platform were accidentally made public. It soon became known that this was the GitHub platform.
"The event related to yesterday's leak occurred in January 2024, when credentials for a third-party code cloud platform were accidentally made public. The problem was quickly identified and we took appropriate action at the time. There is no indication of unauthorized access to the systems owned by the Times or influence on our work in connection with this event. Our security measures include continuous monitoring for abnormal activity," representatives of the publication said.
The New York Times data leak was the second published on 4chan in recent weeks. The first was the leak of 415 MB of stolen internal documents for the game Club Penguin. As it became known later, the Club Penguin data leak was part of a larger breach of Disney's Confluence server, where attackers stole 2.5 GB of internal corporate data.
It is not known for certain whether one person is behind both hacks, or why the 4chan image board was chosen to publish the data.
The source code and internal data of the American edition of The New York Times were recently leaked to the 4chan image board after theft from the company's GitHub repositories in January 2024.
The data leak was first noticed by the VX-Underground team. Last Thursday, June 6, a torrent with a 273 GB archive containing stolen data was published on an anonymous forum.
"Virtually all of The New York Times' source code, 270 GB," reads a forum post. "There are about 5,000 repositories in the archive, of which less than 30 are additionally encrypted, with a total of 3.6 million uncompressed files." Additionally, the attackers provided a text file with a complete list of 6223 folders stolen from the company's GitHub repository.
The contents of the folders indicate the theft of a wide range of information, including IT documentation, infrastructure tools, and source code, including the popular Wordle game. The "readme" file in the archive claims that attackers used an open GitHub token to access the company's repositories and steal data.
The publication itself stated that the leak occurred in January 2024 after credentials for a third-party code cloud platform were accidentally made public. It soon became known that this was the GitHub platform.
"The event related to yesterday's leak occurred in January 2024, when credentials for a third-party code cloud platform were accidentally made public. The problem was quickly identified and we took appropriate action at the time. There is no indication of unauthorized access to the systems owned by the Times or influence on our work in connection with this event. Our security measures include continuous monitoring for abnormal activity," representatives of the publication said.
The New York Times data leak was the second published on 4chan in recent weeks. The first was the leak of 415 MB of stolen internal documents for the game Club Penguin. As it became known later, the Club Penguin data leak was part of a larger breach of Disney's Confluence server, where attackers stole 2.5 GB of internal corporate data.
It is not known for certain whether one person is behind both hacks, or why the 4chan image board was chosen to publish the data.
