A recent data breach on a popular imageboard website exposed 273GB of data from The New York Times, including over 5,000 source code repositories [1] [5] [6].
Description
Security researchers vx-underground discovered the breach [8], where an attacker exploited an exposed GitHub token to access repositories and steal data [2] [4]. The leaked information consists of internal communications, private user keys [8], software development details [8], IT documentation [3] [4] [5], infrastructure tools [3] [4] [5], and source code for projects like the Wordle game. Additionally, the compromised data contains email marketing campaigns, ad reports [2], and personal information [7], with some files encrypted [7]. The breach, dating back to January 2024, may have exposed sensitive data such as user information and passwords [8]. The legitimacy of the leak has not yet been verified [7], and the newspaper did not respond to inquiries about the case [7]. Fortunately, The Times’ internal systems and operations were unaffected, and the company promptly addressed the issue to prevent unauthorized access. This incident is not the first cyberattack on the newspaper [2], as they were previously targeted by the Syrian Electronic Army in 2013 and suspected Russian hackers in 2016 [2].
Conclusion
The breach on The New York Times has raised concerns about the security of sensitive data and the potential risks of cyberattacks. While the newspaper has taken steps to address the issue and prevent further unauthorized access, the incident highlights the importance of robust cybersecurity measures to protect valuable information. Moving forward, it is crucial for organizations to continuously assess and enhance their security protocols to safeguard against future breaches and cyber threats.
References
[1] https://cybersecuritynews.com/new-york-times-code-leak/
[2] https://www.computing.co.uk/news/4320150/york-times-confirms-leak
[3] https://nsaneforums.com/news/security-privacy-news/new-york-times-source-code-stolen-using-exposed-github-token-r23579/
[4] https://www.csoonline.com/article/2140389/new-york-times-plays-down-impact-of-source-code-leak.html
[5] https://securityaffairs.com/164280/data-breach/new-york-times-source-code-leaked.html
[6] https://www.itechpost.com/articles/122745/20240609/new-york-times-270gb-source-code-leaked-4chan.htm
[7] https://www.threatshub.org/blog/new-york-times-source-code-leaks-online-via-4chan/
[8] https://www.infosecurity-magazine.com/news/threat-actor-leak-270gb-new-york/
