“New York Times source code” leaked online via 4chan • The Register

A 4chan user claims to have leaked 270GB of New York Times internal data, including source code, via the infamous image board.

According to the unnamed Internet user, the information includes “essentially the entire source code of the New York Time Company,” meaning around 5,000 repositories and 3.6 million files that are now available for download on peer-to-peer networks. The author shared details of how the files were retrieved on 4chan.

While The registry While we have seen a list of files from the alleged data leak, we have not yet been able to verify the legitimacy of the leak and the newspaper did not respond to inquiries about the case.

Of the code listed — the filenames of which include everything from blueprints to Wordle to email marketing campaigns and promotional reports — “less than 30” are “encrypted,” the crook claimed. Again, given the source — an unnamed 4chan user — a healthy dose of skepticism is warranted.

The registry We'll update this story if we get a response from the Times. But if true, the theft could potentially cause the paper a major headache, given the list of stolen data. Judging by the file names, there's a lot of JavaScript and TypeScript in there, as well as some personal information. The data could have been mostly copied from the public site, or it could actually have been stolen.

In 2013, the New York Times and other media outlets were attacked by a gang of criminals calling themselves the “Syrian Electronic Army.” During these incidents, which lasted for several months, readers were temporarily unable to access the websites of some publications, and at times pages were defaced by intruders.

The registry was also targeted by the gang in a failed spear phishing attack. At least one of our Vultures was sent an email purporting to be from a senior editor, containing a link to a fake copy of our publishing system in an attempt to steal his credentials. The clue was that the message was far too cheery for that editor to be real. It also prompted us to implement mandatory multi-factor authentication at work.

A few years later, in 2016, suspected Russian cyber spies broke into the email accounts of the New York Times and other American news organizations. ®

P.S.: The subheadline was inspired by Lester's burning Burning Man headline.