Hackers Leak 270GB Of Stolen New York Times Data Including Source Code

hero wordle
A significant breach of The New York Time's GitHub account and its repository data has apparently been stolen, followed by a massive file dump of things like internal source code and other data posted to the controversial 4Chan board. The stolen 270GB worth of data appears to include source code for the popular Wordle game.
First spotted by malware and cybersecurity experts vx-underground, its X post reported that up to 270GB of source code from NYT has been leaked on 4Chan with more than 5,000 source code repositories, numbering 3.6 million files. Of that, less than 30 of those repositories were encrypted.

The breach occurred in January this year, with the news outlet stating that "a credential to a cloud-based third-party code platform was inadvertently made available". A later email to BleepingComputer confirmed that the code platform in question was indeed GitHub and assured that neither internal corporate systems nor operations were affected.

Over at 4Chan, a post by the anonymous hacker (or hackers) last week simply shares the 273GB archive of stolen data with no apparent demands, calling for users to seed the file. The hacker(s) also shared a text file containing a list of the 6,223 folders stolen from the hacked GitHub account. Digging deeper, the folders contain various information such as source code (including that of the viral Wordle game), infrastructure tools, and internal IT documentation.

In case you missed it, this is the second time in a week that 4Chan has been used to dump stolen company data. We previously reported on the recent Disney data breach that involved hackers stealing 2.5GB of Club Penguin data, of which 415MB of stolen internal documents were posted onto 4Chan, again with no demands. While most of the hacked files are old, the threat actor(s) stole sensitive corporate information. company strategies, internal developer tools, and internal infrastructure.

Could these two leaks be linked to the same person or group of hackers? Are these hacks a mark of disgruntled fans, as in the Club Penguin incident? Time will tell (hopefully).