A purported leak of The New York Times source code has been posted by an anonymous hacker on the controversial 4Chan message boards, according to reports.
This leak follows closely on the heels of a separate claim by a threat actor, linked to the now-defunct online game Club Penguin, who asserted to have infiltrated Disney’s internal servers and also shared evidence of the breach on 4chan.
The Disney hacker reportedly managed to obtain a significant amount of sensitive corporate data totaling 2.5GB, including files dated as recently as June 1st.
The New York Times (NYT) was reportedly breached with a claim that the renowned news organization was originated on 4chan at approximately 9:30 p.m. Eastern Daylight Time on June 6th.
Hacker repository vx-underground initially reported the NY Times’ leak on X, stating that they had not yet been able to review the purported 270 GB of stolen data.
“Today on 4chan someone released the source code (?) for the New York Times. They exposed 270GB of data,” vx-underground stated.
The individuals collecting malware stated that the hacker mentioned that the New York Times possesses over 5,000 source code repositories, with fewer than 30 being encrypted. The total number of files is 3,600,000.
The anonymous leaker from the NYT shared a magnet link to the uncompressed tar files and requested others to seed as the seedboxes may not be sufficient.
The leaked collection contains essentially all of The New York Times Company’s source code, totaling 270GB. There are approximately 5,000 repositories, with less than 30 of them possibly being additionally encrypted. The message was signed “With love from /aicg/.
VX-underground followers quickly joined in to discuss the extensive data cache, with many making lighthearted remarks about the surprising amount of content in the historic newspaper.
“Are we talking about the nytimes website? Or the software they use for writing/researching articles, formatting print editions, and overall newspaper operations?” one user commented.
“How can a regular newspaper have over 5,000 repositories containing 270GB of source code?!” questioned another user. “Just scrolling through the list of repositories made my thumb go numb,” added another user.
Vx-Underground also noted that this was the second instance of private information being leaked on 4chan this week.
They mentioned that a few days ago, Club Penguin files were stolen from Disney’s internal network. Club Penguin, a multiplayer online game franchise owned by Walt Disney, was originally launched in 2005 and was shut down in 2017.
According to Fandom’s Club Penguin Wiki page, more than 330,000,000 user accounts have been created for the game, which was played in over 190 countries.
Remakes of the game have resurfaced on private indie platforms, but one alternative site was shut down by Disney in 2022 due to copyright infringement, following the arrest of individuals suspected of running the game.
One Reddit user commented on the unexpected turn of events, saying, “The Club Penguin kids growing up and hacking Disney to get revenge on Club Penguin getting shut down is an unexpected, but oddly logical, turn of events.“
The self-proclaimed Club Penguin fan labeled the post “Internal Club Penguin PDFs” and simply stated, “I no longer need these :).” along with a link to the file dump.
vx-underground mentioned that there are 137 documents related to Club Penguin, covering product planning, proof-of-concepts, internal emails, and materials from other projects like Tron.
To show the cult following of Club Penguin in the gaming community, a user on 4Chan initiated a thread asking if the individual who shared Disney MMO internal files on /v/ was still present, expressing curiosity about additional content, particularly regarding Club Penguin.
“I’m curious if you have the complete character sheet document instead of individual pages, as it likely contains more characters. The image attached is an older sheet that a Club Penguin staff member previously shared for a character not included in the leaks. I would truly appreciate it if you could share that or any concept art you may have. Thank you.”
According to reports, the hacker managed to pilfer 2.5GB of confidential corporate data from Disney’s Confluence servers, which use Atlassian software.
Bleeping Computer, after reviewing the documents, noted that the Club Penguin PDFs constitute just a fraction of the information taken, indicating that the hackers discovered more than they had anticipated.
Subsequently, the threat actors revisited Disney’s servers to extract further sensitive data, such as “Disney’s corporate strategies, advertising plans, Disney+, internal developer tools, business projects, and internal infrastructure.”
According to a source speaking to the media, the servers were accessed through credentials that had been previously compromised.
A research team recently identified two significant vulnerabilities in Atlassian that impact Confluence. These vulnerabilities have been addressed with a released fix. It is believed that a large number of Confluence Server instances, primarily in the US, may have been affected by these vulnerabilities.
Related Stories: