Contactez-nous Suivez-nous sur Twitter En francais English Language

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



New York Times source code stolen using exposed Github token

June 2024 by Sylvain Cortes, VP Strategy at Hackuity

After the New York Times has had its source code stolen using an exposed Github token.
Sylvain Cortes, VP Strategy, Hackuity comments:

“The recent data breach at The New York Times is a stark reminder of the persistent threats facing our digital infrastructure. In January 2024, the company’s GitHub repositories were compromised, leading to the leak of internal source code and data on the 4chan message board.

The leaked data, first spotted by VX-Underground, was distributed via a torrent containing a 273GB archive. An anonymous user shared a text file listing the 6,223 folders stolen, which included IT documentation, infrastructure tools, and source code. Notably, the source code for the popular Wordle game was allegedly among the stolen data.

A ’readme’ file within the archive revealed that the breach was facilitated by an exposed GitHub token, allowing the threat actor to access and exfiltrate the data. This breach highlights the critical need for secure handling of sensitive information and the implementation of stringent access controls.

As cyber threats evolve, organisations must remain vigilant and proactive in protecting their assets. The New York Times’ experience serves as a cautionary tale, emphasizing that even prominent institutions are not immune to cyber-attacks. It is a call to action for all companies to reassess their security protocols and ensure that they are prepared to defend against such sophisticated threats”

See previous articles


See next articles

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55

All new podcasts