New York Times source code compromised via exposed GitHub token
2024-6-9 04:34:46 Author: securityaffairs.com(查看原文) 阅读量:11 收藏

New York Times source code compromised via exposed GitHub token

The source code and data of The New York Times leaked on the 4chan was stolen from the company’s GitHub repositories in January 2024.

This week, VX-Underground first noticed that the internal data of The New York Times was leaked on 4chan by an anonymous user. The mysterious user leaked 270GB of data and claimed that the American newspaper has over 5,000 source code repositories, with less than 30 being encrypted.

The New York Times confirmed to BleepingComputer that the internal source code and data belonging to the company leaked on the 4chan message board is legitimate.

Today on 4chan someone leaked the source code (?) to the New York Times. They leaked 270GB of data

They wrote that the New York Times has 5,000+ source code repositories, with less than 30 being encrypted (?). It is 3,600,000 files in total

Note: We haven't reviewed the data

— vx-underground (@vxunderground) June 6, 2024

The Times said the data and source code were stolen from the company’s GitHub repositories in January 2024.

According to BleepingComputer stolen files may include IT documentation, infrastructure tools, and source code, allegedly the Wordle game.

The threat actor wrote he had used an exposed GitHub token to access the repositories, but The Times initially said that the attackers obtained the credentials for a cloud-based third-party code platform. Later, the company confirmed that the third-party platform was GitHub.

The Times clarified that the security breach of its GitHub account did not affect its internal systems and had no impact on its operations.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, The NY Times)




文章来源: https://securityaffairs.com/164280/data-breach/new-york-times-source-code-leaked.html
如有侵权请联系:admin#unsafe.sh