NYTimes Source Code Leaked After GitHub Breach


The New York Times recently fell victim to a significant security breach, during which its internal source code and data were stolen and subsequently leaked on 4chan. This breach was facilitated through an exposed GitHub token, allowing the attacker to access the company's repositories and extract a substantial amount of data.
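The root cause described above was an exposed GitHub credential. The scanner below is an added example, not code from the original post or from any of the organizations it names: it checks text (a config file, a commit diff, a CI log) for strings shaped like GitHub tokens and reports them redacted. The token prefixes are the ones GitHub documents; the exact body lengths are assumed here, and the sample input is constructed.

```python
import re
from typing import List, Tuple

# GitHub token prefixes with the body lengths this example assumes
# (classic tokens: prefix + 36 characters; fine-grained PATs: 22 + '_' + 59).
_TOKEN_PATTERNS = {
    "classic-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "oauth": re.compile(r"\bgho_[A-Za-z0-9]{36}\b"),
    "user-to-server": re.compile(r"\bghu_[A-Za-z0-9]{36}\b"),
    "server-to-server": re.compile(r"\bghs_[A-Za-z0-9]{36}\b"),
    "refresh": re.compile(r"\bghr_[A-Za-z0-9]{36}\b"),
    "fine-grained-pat": re.compile(r"\bgithub_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}\b"),
}


def redact(token: str) -> str:
    """Keep only the prefix and the last four characters so findings can be logged safely."""
    prefix = "github_pat" if token.startswith("github_pat_") else token.split("_", 1)[0]
    return f"{prefix}_...{token[-4:]}"


def find_github_tokens(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, token_kind, redacted_value) for every GitHub-shaped token in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in _TOKEN_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((line_no, kind, redact(match.group(0))))
    return findings


# Constructed sample input: a deploy config as it might be committed by mistake.
SAMPLE = """\
# deploy.env (constructed sample, every token here is fake)
GH_TOKEN=ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8
# a CI reference to a secret store is fine and must not be flagged
GH_TOKEN: ${{ secrets.GH_TOKEN }}
# too short to be a real token, must not be flagged
DEBUG_TOKEN=ghp_short
# fine-grained token for a deploy account (fake)
APP_TOKEN=github_pat_AbCdEfGhIjKlMnOpQrStUv_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789abcdefghijklmnopqrstuvw
"""

if __name__ == "__main__":
    for line_no, kind, shown in find_github_tokens(SAMPLE):
        print(f"line {line_no}: {kind} token {shown}")
```

Run it as a pre-commit hook or over a CI log export; any hit means the credential is already exposed and should be revoked and reissued, not merely deleted from the file.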

The incident was first brought to light by VX-Underground, a well-known educational platform focused on malware and cybersecurity. According to their report on X (formerly Twitter), the stolen data comprises over 270GB of the publication’s source code, which was then disseminated on the messaging board 4chan, where the breach was widely discussed and examined.

The attacker, whose identity remains unknown, claimed on 4chan that The New York Times maintains over 5,000 source code repositories. Alarmingly, fewer than 30 of these repositories are encrypted, suggesting significant vulnerabilities in the company's data security practices. This lack of encryption on the majority of their repositories points to potential oversight in securing sensitive information adequately.

A detailed file listing the directories stolen from the newspaper’s GitHub repository reveals that the breach encompasses more than just source code. It includes IT documentation and infrastructure tools, potentially providing a treasure trove of information that could be exploited for further attacks. This breadth of compromised data suggests that the attackers had deep access to the organization's internal systems and files, raising concerns about the potential misuse of this information.

The New York Times has confirmed the occurrence of the breach to BleepingComputer. The company stated that the breach happened in January 2024 when credentials to a cloud-based third-party code platform, GitHub, were inadvertently exposed. They reassured that the issue was promptly identified and rectified at the time. A spokesperson from the New York Times explained:

The underlying event related to yesterday’s posting occurred in January 2024 when a credential to a cloud-based third-party code platform [GitHub] was inadvertently made available. The issue was quickly identified, and we took appropriate measures in response at the time.

Furthermore, the company emphasized that there has been no indication of unauthorized access to other systems or any impact on their operations as a result of the breach. They highlighted their ongoing vigilance and security measures:

Our security measures include continuous monitoring for anomalous activity.

This breach is part of a worrying trend of high-profile cyber incidents affecting major organizations. Just days before, a similar breach involved the theft of approximately 415MB of internal documents from Disney’s Club Penguin game, which were also posted on 4chan. Sources informed BleepingComputer that this breach was part of a larger compromise of Disney’s Confluence server, where a threat actor exfiltrated 2.5GB of internal corporate data. It remains unclear if the same actor is responsible for both the New York Times and Disney breaches.

In another alarming incident, Ticketmaster faced a significant security scare when hackers claimed to have data for 560 million accounts, which they attempted to sell on the dark web. LiveNation, Ticketmaster’s parent company, confirmed the breach in a filing with the US Securities and Exchange Commission. They revealed that the stolen database was hosted on Snowflake, a cloud storage provider. A spokesperson from LiveNation stated:

The breach involved unauthorized access to a database hosted on Snowflake, where data from Ticketmaster accounts was stored.

Following this, multiple breaches have been linked to Snowflake, raising concerns about the security of cloud-based storage solutions. One notable example is the international bank Santander, which confirmed that it experienced a data breach. A threat actor had gained unauthorized access to a Santander database hosted by a third-party provider, further highlighting the vulnerabilities present in third-party cloud services. Santander disclosed:

A threat actor gained unauthorized access to a Santander database hosted by a third-party provider, resulting in a data breach. We have since taken measures to enhance our security protocols.

These incidents collectively underscore the growing cybersecurity challenges faced by organizations across various sectors. As cyber threats continue to evolve, companies must enhance their security protocols, particularly around third-party services and cloud-based platforms, to safeguard their sensitive data from increasingly sophisticated attacks. The recurring theme in these breaches, exposed credentials to third-party platforms, points to the critical need for robust security measures and constant vigilance in the face of ever-present cyber threats.
