Security News > 2024 > June > New York Times source code stolen using exposed GitHub token

New York Times source code stolen using exposed GitHub token
2024-06-08 17:10

Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer.

"Basically all source code belonging to The New York Times Company, 270GB," reads the 4chan forum post.

A 'readme' file in the archive states that the threat actor used an exposed GitHub token to access the company's repositories and steal the data.

In a statement to BleepingComputer, The Times said the breach occurred in January 2024 after credentials for a cloud-based third-party code platform were exposed.

The Times leak is the second one published to 4chan this week, with the first being a leak of 415MB of stolen internal documents for Disney's Club Penguin game.

It is not known if it was the same person who conducted the New York Times and Disney breaches.


News URL

https://www.bleepingcomputer.com/news/security/new-york-times-source-code-stolen-using-exposed-github-token/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 3 42 30 15 90