Connect with us

Hi, what are you looking for?


Data Breaches

New York Times Responds to Source Code Leak

The New York Times has issued a statement after someone leaked source code allegedly belonging to the news giant. 

The New York Times has issued a statement after someone leaked a significant amount of source code allegedly belonging to the news giant. 

Reports emerged on Friday that someone had leaked 270 Gb of source code allegedly taken from The New York Times on the 4chan bulletin board. 

The leaker claimed to have obtained 5,000 repositories and a total of 3.6 million files, including source code for Wordle and other games. 

Stack Diary reported that the leaked data also includes a WordPress database storing information on roughly 1,500 users, including names, email addresses, and password hashes. The exposed data also reportedly includes authentication URLs and associated passwords, API tokens and secret keys. 

In a ‘readme’ file placed next to the leaked files, the hacker claimed to have gained access to the data after finding “a GitHub token that had access to the repositories”.

Contacted by SecurityWeek, The New York Times said it was aware of the incident and clarified that the data breach occurred in January 2024, “when a credential to a cloud-based third-party code platform was inadvertently made available”. 

“The issue was quickly identified and we took appropriate measures in response at the time,” a spokesperson for The Times said. “There is no indication of unauthorized access to Times-owned systems nor impact to our operations related to this event. Our security measures include continuous monitoring for anomalous activity.”

Related: Intel Confirms UEFI Source Code Leak as Security Experts Raise Concerns

Related: Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails

Advertisement. Scroll to continue reading.

Related: Mercedes Source Code Exposed by Leaked GitHub Token

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

CISA has appointed Jeff Greene as Executive Assistant Director for Cybersecurity and Trent Frazier as Assistant Director for Stakeholder Engagement.

David Chétrit has been appointed the CEO of Kudelski Security.

More People On The Move

Expert Insights