The New York Times Details

    Organization Logo

    The New York Times

    New York, NY5900 employees • Media

    Industry

    Media

    Security Incidents

    1

    The New York Times is a renowned American newspaper known for its comprehensive news coverage and investigative journalism. Founded in 1851, it has a reputation for in-depth reporting on national and international issues. The paper also offers a wide range of sections including politics, business, technology, and culture, catering to a diverse readership.

    Security Incidents

    The New York Times Breach of Jun 2024
    Severity Score
    High

    Type

    Other

    Summary

    The New York Times experienced a substantial data breach in January 2024 when attackers accessed their GitHub repositories using a compromised GitHub token. The breach resulted in the loss of 270 GB of data, leaked on 4chan, encompassing source code for various projects including games like Wordle. The data leak included critical information such as a WordPress database containing 1,500 users' names, emails, and password hashes, and developer credentials like authentication URLs, API tokens, and secret keys. Additionally, the attackers stole personal information of some contributors, such as f...
    Show more

    Severity

    The data breach at The New York Times was highly severe, involving 270 GB of leaked source code and 3.6 million files, including critical information such as authentication URLs, API tokens, and secret keys. The breach also exposed a WordPress database containing the personal information of roughly 1,500 users. The incident underscores significant security vulnerabilities, despite The Times' measures to address the breach promptly.

    Impact

    The breach affected approximately 1,500 users whose personal information, including names, email addresses, and password hashes, was exposed. Additionally, it impacted users and developers associated with the 5,000 repositories and 3.6 million files leaked, including source code for games like Wordle. The incident also compromised sensitive data such as authentication URLs, API tokens, and secret keys.