Hackers Leak 270GB Of Stolen New York Times Data Including Source Code
Today on 4chan someone leaked the source code (?) to the New York Times. They leaked 270GB of data
— vx-underground (@vxunderground) June 6, 2024
They wrote that the New York Times has 5,000+ source code repositories, with less than 30 being encrypted (?). It is 3,600,000 files in total
Note: We haven't reviewed the data
The breach occurred in January this year, with the news outlet stating that "a credential to a cloud-based third-party code platform was inadvertently made available". A later email to BleepingComputer confirmed that the code platform in question was indeed GitHub and assured that neither internal corporate systems nor operations were affected.
Over at 4Chan, a post by the anonymous hacker (or hackers) last week simply shares the 273GB archive of stolen data with no apparent demands, calling for users to seed the file. The hacker(s) also shared a text file containing a list of the 6,223 folders stolen from the hacked GitHub account. Digging deeper, the folders contain various information such as source code (including that of the viral Wordle game), infrastructure tools, and internal IT documentation.
In case you missed it, this is the second time in a week that 4Chan has been used to dump stolen company data. We previously reported on the recent Disney data breach that involved hackers stealing 2.5GB of Club Penguin data, of which 415MB of stolen internal documents were posted onto 4Chan, again with no demands. While most of the hacked files are old, the threat actor(s) stole sensitive corporate information. company strategies, internal developer tools, and internal infrastructure.
Could these two leaks be linked to the same person or group of hackers? Are these hacks a mark of disgruntled fans, as in the Club Penguin incident? Time will tell (hopefully).