Inside supply code and information belonging to The New York Occasions was leaked on the 4chan message board after being stolen from the firm’s GitHub repositories in January 2024, The Occasions confirmed to BleepingComputer.
As first seen by VX-Underground, the inner information was leaked on Thursday by an nameless consumer who posted a torrent to a 273GB archive containing the stolen information.
“Basically all source code belonging to The New York Times Company, 270GB,” reads the 4chan discussion board put up.
“There are around 5 thousand repos (out of them less than 30 are additionally encrypted I think), 3.6 million files total, uncompressed tar.”
Supply: BleepingComputer
Whereas BleepingComputer didn’t obtain the archive, the risk actor shared a textual content file containing a whole checklist of the 6,223 folders stolen from the corporate’s GitHub repository.
The folder names point out that all kinds of data was stolen, together with IT documentation, infrastructure instruments, and supply code, allegedly together with the viral Wordle recreation.
A ‘readme’ file within the archive states that the risk actor used an uncovered GitHub token to entry the corporate’s repositories and steal the information.
In an announcement to BleepingComputer, The Occasions stated the breach occurred in January 2024 after credentials for a cloud-based third-party code platform had been uncovered. A subsequent e mail confirmed this code platform was GitHub.
“The underlying event related to yesterday’s posting occurred in January 2024 when a credential to a cloud-based third-party code platform was inadvertently made available. The issue was quickly identified and we took appropriate measures in response at the time. There is no indication of unauthorized access to Times-owned systems nor impact to our operations related to this event. Our security measures include continuous monitoring for anomalous activity.”
❖ The New York Occasions
The corporate stated that the breach of its GitHub account didn’t have an effect on its inside company programs and had no affect on its operations.
The Occasions leak is the second revealed to 4chan this week, with the primary being a leak of 415MB of stolen inside paperwork for Disney’s Membership Penguin recreation.
Sources solely advised BleepingComputer that the Membership Penguin leak was a part of a extra vital breach of Disney’s Confluence server, the place the risk actors stole 2.5 GB of inside company information.
It’s not identified if it was the identical one who performed the New York Occasions and Disney breaches.
