For HomeFor BusinessFor Partners
Data Breach Industry News
1 min read

New York Times' GitHub Software Repositories, Possibly Including Wordle, End Up on 4Chan

Silviu STAHIE

June 10, 2024

Promo Protect all your devices, without slowing them down.
Free 30-day trial
New York Times' GitHub Software Repositories, Possibly Including Wordle, End Up on 4Chan

The New York Times has suffered a security incident that resulted in the unauthorized release of data from 5,000 of its source code repositories, likely including that of the popular game Wordle.

Source code and other critical information are usually the target of attackers deploying ransomware, but sometimes employee mismanagement of credentials is enough. Over the weekend, information that source code seemingly belonging to the New York Times, roughly 270GB worth of data, showed up on the 4chan forums.

The information was originally posted by vx-underground on X, revealing that around 5,000 repositories are part of the leaked data, with 30 of them encrypted.

An initial assessment of the files, according to Bleeping Computer, showed that they were composed of various internal software tools, IT documentation, and, more importantly, the source code for the incredibly popular Wordle game.

"The underlying event related to yesterday's posting occurred in January 2024 when a credential to a cloud-based third-party code platform was inadvertently made available," said The New York Times in a statement to Bleeping Computer. “The issue was quickly identified and we took appropriate measures in response at the time. There is no indication of unauthorized access to Times-owned systems nor impact to our operations related to this event. Our security measures include continuous monitoring for anomalous activity.”

Whoever made the files available online also left comments in a readme file inside the archive that hint at the method used to breach the security. However, this information needs to be taken with a grain of salt. Apparently, someone got ahold of a GitHub access token, which is a significant security lapse. While the cloud hosting provider wasn't initially named, The New York Times later admitted that was the case.

While the company said that the January breach didn't affect its day-to-day operations, it remains to be seen if anything of consequence was caught in the data breach.

tags

Data Breach Industry News

Author

Silviu STAHIE

Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

Right now Top posts

Netizens Fear Scammers Will Steal Their Savings but Do Little to Defend Themselves, Bitdefender Survey Shows
Industry News Scam

Netizens Fear Scammers Will Steal Their Savings but Do Little to Defend Themselves, Bitdefender Survey Shows

July 01, 2024

7 min read
Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report
Smart Home

Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report

June 26, 2024

2 min read
UEFA EURO 2024 Scams Are Already Here – How to Stay Safe
Scam Tips and Tricks

UEFA EURO 2024 Scams Are Already Here – How to Stay Safe

June 25, 2024

5 min read
Most People Still Write Important Passwords Down, Bitdefender Report Finds
Digital Privacy Threats

Most People Still Write Important Passwords Down, Bitdefender Report Finds

June 07, 2024

2 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

5 gifts from scammers you don't want under your Christmas tree
Protecting Your Important Tips and Tricks

5 gifts from scammers you don't want under your Christmas tree
Cristina POPOV

December 18, 2023

4 min read
The slippery slope of increased app usage during the holiday season
Protecting Your Important

The slippery slope of increased app usage during the holiday season
Alina BÎZGĂ

December 15, 2023

3 min read
This holiday season, share your love, not your passwords
Protecting Your Important Digital Privacy

This holiday season, share your love, not your passwords
Cristina POPOV

December 15, 2023

3 min read

Bookmarks

loader