New York Times Internal Data Nabbed From GitHub

The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country's paper of record has not yet confirmed the nature of the data accessed.

Dark Reading, Staff & Contributors

June 13, 2024

1 Min Read
Cabs in front of New York Times building in NYC.
MICHELE D'OTTAVIO VIA ALAMY STOCK PHOTO

A 4chan user has leaked 270GB of internal New York Times data -- allegedly including source code for the popular Wordle game and other parts of the business -- as part of an incident that the media outlet partially confirmed this week.

The anonymous 4chan user claimed to have gained access to 5,000 GitHub repositories, mostly unencrypted, containing a collective 3.6 million files, including "basically all source code belonging to the New York Times Company."

Such claims from cybercriminals should always be taken with a grain of salt. But at least one researcher, Alex Ivanovs, says he has verified part of the data as legitimate, including source code for Wordle; a WordPress database of 1,500 New York Times Education site users with names, email addresses, and hashed passwords; internal Slack communications; and authentication details such as "URLs and their respective passwords, secret keys, and API tokens. … Plenty of such secrets need immediate attention."

For its part, a spokesperson for the Gray Lady confirmed that data was accessed back in January, but didn't verify the granular details of the incident.

“The underlying event related to the recent online posting of Times information occurred in January 2024, when a credential to a cloud-based third-party code platform was inadvertently made available," says Charlie Stadtlander, New York Times managing director for external communications, newsroom, and opinion. "The issue was quickly identified, and we took appropriate measures in response at the time. There is no indication of unauthorized access to Times-owned systems nor impact to our operations related to this event. Our security measures include continuous monitoring for anomalous activity.”

Read the Full Article on Dark Reading

About the Author

Dark Reading

Dark Reading

Staff & Contributors

Dark Reading: Connecting The Information Security Community

Long one of the most widely-read cybersecurity news sites on the Web, Dark Reading is also the most trusted online community for security professionals. Our community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

See more from Dark Reading
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

man on a boat in the outer space with colorful cloud,illustration
IT Infrastructure
9 Ways Cloud Makes Companies More Competitive
9 Ways Cloud Makes Companies More Competitive

Aug 26, 2024

Machine Learning & AI
The Search for Solid Hires Between AI Screening and GenAI Resumes
The Search for Solid Hires Between AI Screening and GenAI Resumes

Aug 19, 2024

Data breach concept with faceless hooded male person, low key red and blue lit image and digital glitch effect.
Cyber Resilience
Examining the National Public Data Breach and Risks for Data Brokers
Examining the National Public Data Breach and Risks for Data Brokers

Aug 22, 2024

Calculator displaying the text "SALARY" on top of $100 bills.
IT Leadership
2024 InformationWeek US IT Salary Report: Profits, Layoffs, and the Continued Rise of AI
2024 InformationWeek US IT Salary Report

Jun 4, 2024

Cartoon comic art illustration showing a 1960s technician scientist working on an Honeywell style tape-drive computer with a dot-matrix paper readout.
Data Management
11 Irritating Data Quality Issues
11 Irritating Data Quality Issues

Aug 20, 2024

Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports