The New York Times has issued a statement after someone leaked a significant amount of source code allegedly belonging to the news giant.
Reports emerged on Friday that someone had leaked 270 Gb of source code allegedly taken from The New York Times on the 4chan bulletin board.
The leaker claimed to have obtained 5,000 repositories and a total of 3.6 million files, including source code for Wordle and other games.
Stack Diary reported that the leaked data also includes a WordPress database storing information on roughly 1,500 users, including names, email addresses, and password hashes. The exposed data also reportedly includes authentication URLs and associated passwords, API tokens and secret keys.
In a ‘readme’ file placed next to the leaked files, the hacker claimed to have gained access to the data after finding “a GitHub token that had access to the repositories”.
Contacted by SecurityWeek, The New York Times said it was aware of the incident and clarified that the data breach occurred in January 2024, “when a credential to a cloud-based third-party code platform was inadvertently made available”.
“The issue was quickly identified and we took appropriate measures in response at the time,” a spokesperson for The Times said. “There is no indication of unauthorized access to Times-owned systems nor impact to our operations related to this event. Our security measures include continuous monitoring for anomalous activity.”
Related: Intel Confirms UEFI Source Code Leak as Security Experts Raise Concerns
Related: Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails
Related: Mercedes Source Code Exposed by Leaked GitHub Token
