Network Security, Third-party code, Supply chain

New York Times confirms source code compromise

GitHub symbol

The New York Times confirmed its GitHub repository was breached in January following the leak of its internal source code and data as part of a 273 GB archive on the 4chan message board, reports BleepingComputer.

Such an archive purportedly contains the New York Times' entire source code, including nearly 5,000 repositories, fewer than 30 of which are encrypted, and 3.6 million files, according to the 4chan forum post by an anonymous user. Another text file shared by the hacker showed a list of more than 6,200 folders exfiltrated in the incident, which included infrastructure tools and IT documentation.

Despite the intrusion, the New York Times emphasized that none of its internal systems or operations were affected.

"The issue was quickly identified and we took appropriate measures in response at the time… Our security measures include continuous monitoring for anomalous activity," said The Times.

Such a development comes days after Disney's Club Penguin game had its internal documents also exposed on 4chan but whether both incidents are connected to the same threat actor remains a mystery.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.