News: 1717803564

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

'New York Times source code' leaks online via 4chan

(2024/06/08)


A 4chan user claims to have leaked 270GB of internal New York Times data, including source code, via the notorious image board.

According to the unnamed netizen, the information includes "basically all source code belonging to The New York Time Company," amounting to roughly 5,000 repositories and 3.6 million files now available for download from peer-to-peer networks. Details on how to get the files were shared by the poster on 4chan.

While The Register has seen what's said to be a list of files in the purported leak, we have not yet verified the legitimacy of the leak, and the newspaper did not respond to inquiries about the case.

[1]

Of the code listed - whose filenames indicate everything from the blueprints to Wordle to email marketing campaigns and ad reports - "less than 30" are "encrypted," the 4channer claimed. Again, take this with a healthy dose of salt considering the source — an unnamed 4chan user.

[2]

[3]

The Register will update this story if and when we receive a response from The Times. But if true, [4]the theft could potentially cause a huge headache for the newspaper, given the list of stolen data. There's a lot of JavaScript and TypeScript in there, judging by the filenames, plus some personal information. It might be largely scraped from the public site, it might actually be stolen.

[5]Frontier Communications: 750k people's data stolen in April attack on systems

[6]Cisco fixes WebEx flaw that allowed government, military meetings to be spied on

[7]Russian hacktivists vow mass attacks against EU elections

[8]TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability

In 2013 The New York Times and other media outlets saw their [9]operations come under attack by a bunch of miscreants calling themselves the Syrian Electronic Army. During these incidents, which occurred over a period of months, readers were unable to visit some publications' websites at times; at other times, pages were defaced by intruders.

The Register was targeted, too, by the gang in a failed spear-phishing attack. At least one of our vultures was sent an email claiming to be from a senior editor, with a link to a fake copy of our publishing system to phish their credentials; the giveaway was that the message was far too cheery for that editor to be real. It also prompted us to introduce mandatory multi-factor authentication at work.

A few years later, in 2016, suspected [10]Russian cyber-spies broke into email inboxes belonging to The New York Times and other American news organizations. ®

[11]

PS: Subhead was inspired by Lester's [12]burning Burning Man man headline.

Get our [13]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZmPXaPU4iEP3sAWm8JnI3gAAAAw&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZmPXaPU4iEP3sAWm8JnI3gAAAAw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZmPXaPU4iEP3sAWm8JnI3gAAAAw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[4] https://x.com/vxunderground/status/1798856571931263480

[5] https://www.theregister.com/2024/06/07/frontier_communications_filing_cyberattack/

[6] https://www.theregister.com/2024/06/07/cisco_fixes_webex_flaw_which/

[7] https://www.theregister.com/2024/06/07/russian_hacktivists_eu_elections/

[8] https://www.theregister.com/2024/06/05/tiktok_confirms_cnn_accounts_hijacked/

[9] https://www.nytimes.com/2013/08/28/business/media/hacking-attack-is-suspected-on-times-web-site.html

[10] https://www.cnn.com/2016/08/23/politics/russia-hack-new-york-times-fbi/index.html

[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZmPXaPU4iEP3sAWm8JnI3gAAAAw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[12] https://www.theregister.com/2007/08/29/burning_man_arrest/

[13] https://whitepapers.theregister.com/



What!?

Anonymous Coward

Not Wordle!

There’ll be hell to pay if you stuff up my Wordle!

prh99

An anonymous 4chan poster was responsible for the "Gigaleak" leaks from Nintendo, so could very well be.

The Road goes ever on and on
Down from the door where it began.
Now far ahead the Road has gone,
And I must follow, if I can,
Pursuing it with eager feet,
Until it joins some larger way
Where many paths and errands meet.
And whither then? I cannot say.
-- J. R. R. Tolkien