New York Times Internal Data Nabbed From GitHub

The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country's paper of record has not yet confirmed the nature of the data accessed.

Dark Reading, Staff & Contributors

June 13, 2024


A 4chan user has leaked 270GB of internal New York Times data -- allegedly including source code for the popular Wordle game and other parts of the business -- as part of an incident that the media outlet partially confirmed this week.

The anonymous 4chan user claimed to have gained access to 5,000 GitHub repositories, mostly unencrypted, containing a collective 3.6 million files, including "basically all source code belonging to the New York Times Company."

Such claims from cybercriminals should always be taken with a grain of salt. But at least one researcher, Alex Ivanovs, says he has verified part of the data as legitimate, including source code for Wordle; a WordPress database of 1,500 New York Times Education site users with names, email addresses, and hashed passwords; internal Slack communications; and authentication details such as "URLs and their respective passwords, secret keys, and API tokens. … Plenty of such secrets need immediate attention."

For its part, a spokesperson for the Gray Lady confirmed that data was accessed back in January, but didn't verify the granular details of the incident.

"The underlying event related to the recent online posting of Times information occurred in January 2024, when a credential to a cloud-based third-party code platform was inadvertently made available," says Charlie Stadtlander, New York Times managing director for external communications, newsroom, and opinion. "The issue was quickly identified, and we took appropriate measures in response at the time. There is no indication of unauthorized access to Times-owned systems nor impact to our operations related to this event. Our security measures include continuous monitoring for anomalous activity."
