An anonymous threat actor has posted what they claim to be 270GB of source code stolen from the New York Times on a popular imageboard website.
Seen by Infosecurity, the Friday post claimed that the leak contains “basically all source code” from the publisher.
“There are around 5 thousand repos (out of them less than 30 are additionally encrypted I believe), 3.6 million files total, uncompressed tar. Please seed, the seedboxes may not be sufficient,” the post read.
The alleged leak was first spotted by security researchers vx-underground.
“This is the second time this week proprietary information has been leaked onto 4chan,” they noted in a post on X (formerly Twitter). “Just a few days [ago] Club Penguin files were stolen from Disney’s internal network and leaked onto 4chan.”
Today on 4chan someone leaked the source code (?) to the New York Times. They leaked 270GB of data
They wrote that the New York Times has 5,000 source code repositories, with less than 30 being encrypted (?). It’s 3,600,000 files in total
Note: We’ve not reviewed the data
— vx-underground (@vxunderground) June 6, 2024
There’s no current indication that both attacks were carried out by the same actor. It’s also unclear whether their claims are accurate. Vx-underground said it hadn’t yet reviewed the leaked data.
It’s believed that the actor targeted the New York Times’ GitHub account.
A statement from the publisher clarified that a security incident occurred in January of this year, when a credential to a “cloud-based third-party code platform” was “inadvertently made available.”
The firm said it quickly spotted the suspicious activity and remediated the incident.
“There is no indication of unauthorized access to Times-owned systems nor impact to our operations related to this event,” it added. “Our security measures include continuous monitoring for anomalous activity.”
It’s unclear what the threat actor’s motivation for stealing and leaking the source code was. One outlet claimed to have found a database of 1500 users from an NYT education site in the leaked trove. It apparently contained full names, email addresses and hashed passwords.
Also in there are internal communications from Slack channels, secrets including private user keys, and software development details regarding the publisher’s internal IT architecture.