New York Times freelancers affected by a GitHub data breach

June 21, 2024

The New York Times notified its freelance contributors that some of their sensitive personal information had been stolen and leaked during a hacking incident involving its GitHub repositories earlier this year.

According to reports, the perpetrators of the breach used unprotected credentials to gain access to the newspaper’s GitHub repositories. However, the hack did not affect the newspaper’s internal corporate systems or activities.

Still, the breach resulted in a data heist that included information such as first and last names, phone numbers, email addresses, mailing addresses, nationality, bios, website URLs, and social media usernames.

In addition, the compromised repositories contained assignment-related information, such as diving and drone certificates or access to specialist equipment.

Numerous freelancers for the New York Times might face various problems as the GitHub data breach compromised gigabytes of data.

The stolen New York Times data totals 273GB in torrent files. The attackers also allegedly posted the stolen data on the 4chan forum immediately.

The attackers added a caption stating that the posted data is basically all source code owned by the newspaper company. The post cited approximately five thousand repos and 3.6 million files in total, as an uncompressed tar.

However, earlier this month, a post on another third-party site made this data publicly available. The posting included a file containing some of the contributors’ personal information.

Furthermore, the folder names indicate that a wide range of information was stolen, including IT documentation, infrastructure tools, source code, and the popular Wordle game. The ‘readme’ file in the archive also revealed that the threat actor gained access to the company’s repositories and took the data through an exposed GitHub token.

The company warns anyone affected by the data breach to be mindful of unsolicited emails, phone calls, or texts asking for personal information, which might be exploited to gain unauthorised access to their accounts.

Everyone is advised to make sure that their accounts, such as email and social media, have strong passwords and 2FA to prevent unwanted access.
