New York Times source code stolen using exposed GitHub token

The New York Times confirmed to BleepingComputer that internal source code and data were stolen from the company’s GitHub repositories in January 2024 and released on the 4chan message board.

The internal data was disclosed on Thursday by an unknown user who uploaded a torrent to a 273GB folder containing the stolen material, as first reported by VX-Underground.

“Basically all source code belonging to The New York Times Company, 270GB,” the post on 4chan stated.

“There are around 5 thousand repos (out of them less than 30 are additionally encrypted I think), 3.6 million files total, uncompressed tar.”

The threat actor released a text file with a comprehensive inventory of the 6,223 folders that were pilfered from the company’s GitHub repository, even though BleepingComputer did not download the bundle.

The names of the folders suggest that a large amount of data was taken, including infrastructure tools read more New York Times source code stolen using exposed GitHub token.

Get up to date on the latest cybersecurity news and enhance your knowledge of cybersecurity with our thorough coverage of the dangers, breaches, and solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *