New York Times Data Breach Reveals Secrets & Source Code

The New York Times had its internal source code leaked on a 4chan message board in June 2024, with over 5,000 repositories compromised, including sensitive data from their IT & Infrastructure organization. The breach occurred six months prior and was accessed using stolen GitHub credentials. The leak has raised concerns about the security of other organizations that use similar cloud-based platforms. To mitigate such incidents, it is essential to configure secure permissions on GitHub and leverage tools like Arnica to detect and eliminate hard-coded secrets from code.