New York Times Source Code Stolen Using Exposed GitHub Token
While BleepingComputer did not download the archive, the threat actor shared a text file containing a complete list of the 6,223 folders stolen from the company’s GitHub repository. The folder names indicate that a wide variety of information was stolen, including IT documentation, infrastructure tools, and source code, allegedly including the viral Wordle game. A ‘readme’ file in the archive states that the threat actor used an exposed GitHub token to access the company’s repositories and steal the data. The company said that the breach of its GitHub account did not affect its internal corporate systems and had no impact on its operations. The Times said in a statement to BleepingComputer: “The underlying event related to yesterday’s posting occurred in January 2024 when a credential to a cloud-based third-party code platform was inadvertently made available. The issue was quickly identified and we took appropriate measures in response at the time. There is no indication of unauthorized access to Times-owned systems nor impact to our operations related to this event. Our security measures include continuous monitoring for anomalous activity.”
Read more of this story at Slashdot.
News for nerds, stuff that matters
Source : https://news.slashdot.org/story/24/06/10/2122214/new-york-times-source-code-stolen-using-exposed-github-token?utm_source=rss1.0mainlinkanon&utm_medium=feed