127

A user on the online forum 4chan has leaked a massive 270GB of data belonging to The New York Times. This leak includes the source code for the newspaper’s digital operations.

Here are some other findings we can confirm:

  • The leak does have the original source code of the game Wordle, which the NY Times acquired in 2022.
  • The leak includes a dated WordPress database of 1,500 NY Times Education site users. The database contains names and surnames, email addresses, and hashed passwords. You should expect it to be added to HIBP shortly.
  • Several folders contain internal communications from NY Times Slack channels.
  • Times uses various machine learning algorithms and NLP techniques/scripts for its services.
  • Many exposed authentication methods exist, including authentication URLs and their respective passwords, secret keys, and API tokens. The majority are well protected, but plenty of such secrets need immediate attention. We have also seen private user keys used for authentication.
  • There are a lot of details about internal NY Times architecture from a software development point of view.

So far, it is difficult to say whether the NY Times will need to reset the passwords for everyone who is a member of its site.

It’s worth pointing out that this leak appears to involve data from The New York Times’s IT/infrastructure/website organization rather than the news organization composed of reporters. In media companies, these two entities are largely separate. The IT/infrastructure team handles the technical aspects of the website and digital operations, while the news organization manages reporting and editorial content.

you are viewing a single comment's thread
view the rest of the comments
[-] flan@hexbear.net 19 points 5 months ago* (last edited 5 months ago)

Looks like they put each of their modules in a separate repo. This wouldn't be a single project. NYTimes is a pretty huge operation. They obviously have their website but they also have apps, infrastructure to ingest and process whatever media they get, infrastructure for ads, games, security (lol), user account management, billing, legal, etc etc.

it's possible this is organized differently in their source control and it appears kinda disorganized because we're looking at it flattened.

this post was submitted on 08 Jun 2024
127 points (100.0% liked)

technology

23313 readers
275 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

founded 4 years ago
MODERATORS