The New York Times’ internal source code and data were leaked on the 4chan message board. The new work times confirmed to Bleeping Computer that they were stolen from the company’s GitHub repositories in January 2024.
Source; vx underground
An anonymous user leaked internal data on Thursday. They posted a torrent containing a 273GB archive of the stolen data, as revealed by VX-Underground.
Security researchers have discovered a database with 184 million account credentials, highlighting the need to update compromised passwords, strengthen weak...
Palo Alto Networks warns a reflected cross-site scripting (XSS) vulnerability, CVE-2025-0133, in the GlobalProtect gateway and portal features of its...
Pwn2Own Berlin 2025, a top cybersecurity contest, awarded $1,078,750 to researchers who discovered 29 zero-day vulnerabilities in various enterprise technologies....
A recently discovered vulnerability, CVE-2025-22157, threatens organizations using Atlassian’s Jira Core Data Center and Jira Service Management Data Center by...
Billions of files, including documents, source code, and backups, are leaking because of misconfigured cloud storage. Cyble, a cybersecurity company...
Siemens issued a security advisory (SSA-047424) for two serious vulnerabilities—CVE-2025-26389 and CVE-2025-26390—impacting the OZW672 and OZW772 web servers. These servers...
“Basically all source code belonging to The New York Times Company, 270GB,” reads the 4chan forum post.
The attacker shared a text file with a list of 6,223 folders stolen from the company’s GitHub repository.Many different types of information were stolen, such as IT documentation, infrastructure tools, and source code. This includes the popular Wordle game.
According to the ‘readme’ file, the attacker used a GitHub token that was exposed to gain unauthorized access to the company’s repositories and steal data.
Source: Bleeping computer
In a statement to BleepingComputer, The Times said the breach occurred in January 2024 after credentials for a cloud-based third-party code platform were exposed. A subsequent email confirmed this code platform was GitHub.
The company stated that the breach of its GitHub account did not affect its internal corporate systems and had no impact on its operations.