An anonymous hacker has claimed to have leaked 270 GB of internal data and source code from The New York Times (NYT) on the controversial image board 4chan.
The leak, reportedly containing over 5,000 repositories and 3.6 million files, was published on June 6, 2024. It has since raised widespread concern and speculation about the potential implications for the historic news organization.
The hacker, who has not been identified, posted a magnet link to the files on 4chan, encouraging users to download and share the data. According to the hacker, the leaked collection comprises uncompressed tar files with fewer than 30 encrypted repositories.
The leaked data reportedly contains a variety of source code, including the blueprints of well-known games like Wordle, email marketing campaigns, and ad reports. The hacker’s message was signed “With love from /aicg/,” a nod to a 4chan community.
With ANYRUN You can Analyze any URL, Files & Email for Malicious Activity : Start your Analysis
While the leak’s legitimacy has not been independently verified, cybersecurity experts and media outlets have expressed serious concerns. The Register reported that it had seen a list of files in the purported leak but had not confirmed their authenticity.
The New York Times has yet to respond to inquiries about the breach, leaving many questions unanswered about the extent and impact of the data theft.
The leak could pose significant risks to The New York Times if it is genuine.
Exposure to proprietary source code may expose vulnerabilities in the newspaper’s digital infrastructure, potentially facilitating cybercriminals to launch additional attacks.
Additionally, the leak may include sensitive personal information, although the exact nature of the data remains unclear.
The incident is similar to previous cyberattacks on media organizations. In 2013, the Syrian Electronic Army attacked The New York Times and other outlets, disrupting their operations and defacing their websites.
More recently, in 2016, suspected Russian cyber-spies breached email inboxes belonging to The New York Times and other American news organizations.
The New York Times data leak comes just days after another high-profile breach involving Disney. A hacker associated with the defunct online game Club Penguin claimed to have accessed Disney’s internal servers, leaking 2.5GB of sensitive corporate data.
This series of incidents highlights the growing threat of cyberattacks on major corporations and the need for robust cybersecurity measures.
The cybersecurity community has reacted with a mix of concern and skepticism. Vx-underground, a well-known repository for malware samples, noted the leak on its social media and stated that it had not yet reviewed the data.
Users on various platforms have expressed disbelief at the sheer volume of the leaked repositories, questioning how a newspaper could amass a large amount of source code.
As the leak investigation continues, The New York Times faces a challenging period of assessing the damage and bolstering its cybersecurity defenses.
The media industry, along with other sectors, must remain vigilant and proactive in protecting its digital assets from increasingly sophisticated cyber threats.
Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs: Try Free Demo