Internal source code and data belonging to The New York Times were leaked on the infamous 4chan message board in January 2024.

The stolen information, amounting to a staggering 273GB, was allegedly taken from the company’s GitHub repositories.

“Basically all source code belonging to The New York Times Company, 270GB,” reads the 4chan forum post.

“There are around 5 thousand repos (out of them less than 30 are additionally encrypted I think), 3.6 million files total, uncompressed tar.”

Buy Me A Coffee
The leak of New York Times source code on 4chan
Source: BleepingComputer

Details of the Breach

The leaked data, as verified by BleepingComputer, was shared by an anonymous user who posted a torrent to a massive archive containing the stolen information. This archive allegedly holds nearly all of The New York Times’ source code, encompassing approximately 5,000 repositories and 3.6 million files.

A ‘readme’ file within the archive reveals that the perpetrator exploited an exposed GitHub token to gain access to the company’s repositories and exfiltrate the data. The New York Times confirmed the breach to BleepingComputer, stating that it occurred in January 2024 due to inadvertently exposed credentials for a cloud-based third-party code platform, later confirmed to be GitHub.

The company said that the breach of its GitHub account did not affect its internal corporate systems and had no impact on its operations.

10 Reasons You'll Want to Update to iOS 18 Right Now