An nameless risk actor has posted what they declare to be 270GB of supply code stolen from the New York Occasions on a well-liked imageboard web site.
Seen by Infosecurity, the Friday publish claimed that the leak incorporates “mainly all supply code” from the writer.
“There are round 5 thousand repos (out of them lower than 30 are moreover encrypted I feel), 3.6 million recordsdata complete, uncompressed tar. Please seed, the seedboxes won’t be sufficient,” the publish learn.
The alleged leak was first noticed by safety researchers vx-underground.
“That is the second time this week proprietary data has been leaked onto 4chan,” they noted in a publish on X (previously Twitter). “A number of days [ago] Membership Penguin recordsdata have been stolen from Disney’s inner community and leaked onto 4chan.”
As we speak on 4chan somebody leaked the supply code (?) to the New York Occasions. They leaked 270GB of knowledge
They wrote that the New York Occasions has 5,000 supply code repositories, with lower than 30 being encrypted (?). It’s 3,600,000 recordsdata in complete
Be aware: We have not reviewed the info
— vx-underground (@vxunderground) June 6, 2024
There’s no present indication that each assaults have been carried out by the identical actor. It’s additionally unclear whether or not their claims are correct or not. Vx-underground mentioned it hadn’t but reviewed the leaked knowledge.
Read more on source code leaks: Intel Confirms Source Code Leak
It’s believed that the actor focused the New York Occasions’ GitHub account.
An announcement from the writer clarified {that a} safety incident occurred in January of this yr, when a credential to a “cloud-based third-party code platform” was “inadvertently made obtainable.”
The agency mentioned it shortly noticed the suspicious exercise and remediated the incident.
“There isn’t a indication of unauthorized entry to Occasions-owned methods nor impression to our operations associated to this occasion,” it added. “Our safety measures embody steady monitoring for anomalous exercise.”
It’s unclear what the risk actor’s motivation for stealing and leaking the supply code was. One outlet claimed to have discovered a database of 1500 customers from an NYT schooling web site within the leaked trove. It apparently contained full names, e-mail addresses and hashed passwords.
Additionally in there are inner communications from Slack channels, secrets and techniques together with personal person keys, and software program growth particulars concerning the writer’s inner IT structure.
Picture credit score: Claudio Divizia / Shutterstock.com