BlueOptima’s Post

😯 Possessing the right tools to detect such issues in source code is undeniably urgent! Organisations must have the necessary and adequate resources in place to quickly identify and mitigate these risks before they further compromise security.

How safe is your source code? BlueOptima can tell you with our Secrets Detection feature to autonomously & proactively investigate potential risks within your repositories.

🚨 Exposed GitHub Token Leads to Leak of New York Times Source Code The New York Times confirmed a data leak after internal source code and data were stolen from its GitHub repositories and posted on the anonymous message board 4chan. Top 3 takeaways: 🧑💻 An anonymous user leaked a 273GB archive containing approximately 3.6 million files and 5,000 repositories, including the source code for the Wordle game. 🔓 The breach was executed using an exposed GitHub token, allowing unauthorized access to the company’s code repositories. 👀 The New York Times stated that the breach did not affect its internal corporate systems or operations, and it has taken measures to monitor for anomalous activity. 🛡️ This incident highlights the importance of securing credentials and continuous monitoring for potential security breaches. #cybersecurity #news #newyorktimes #dataleak #kraven #KravenSecurity #adamgoss #cti #threatintelligence

🚨 Security Alert: The New York Times was breached 🚨 Another case of an exposed secret leading to a company breach. The New York Times internal source code was stolen through an exposed GitHub token. A stark reminder of the importance of rigorous security practices. This incident, which resulted in a massive leak of 270GB of source code and data, underscores the vulnerabilities even leading organizations face. https://lnkd.in/dTHpQ58K Key takeaways: - Always secure your credentials. Tokens left exposed can lead to devastating consequences. - Regular audits and monitoring of your repositories can help catch vulnerabilities and hardcoded secrets early. - Employee training on security best practices is essential. This breach is not just a warning but an opportunity for all of us in the software industry to tighten our security measures and safeguard our systems against such threats. Need help doing this? Contact Legit Security. #GitHub #SecretsScanner #DevSecOps #SSCS #ASPM

‼️New York Times Source Code Stolen via Exposed GitHub Token‼️ Was scrolling through my Google App on my phone and one of the articles recommended to me was a BleepingComputer article discussing the recent data breach faced by New York Times. Recently, the New York Times faced a significant security breach where internal source code and data were stolen due to an exposed GitHub token. This incident highlights the critical risks of mismanaged access credentials. Why This Matters 🤔 1. Security Vulnerabilities: Exposed tokens can lead to unauthorized access and data theft. 2. Credential Management: Ensuring proper management and protection of access tokens is essential. More information in the article. #cybersecurity #databreach #infosec

NY Times code leaked on 4chan Internal source code and data of The New York Times were leaked on 4chan, amounting to a 273GB archive containing approximately 3.6 million files from 5,000 repositories. The breach occurred due to an exposed GitHub token, allowing unauthorized access to The Times' repositories. The compromised data includes IT documentation, infrastructure tools, and the Wordle game source code. The incident took place in January 2024, with the leaked data surfacing on 4chan in June 2024. The Times quickly identified and responded to the exposed credentials back in January. The Times confirmed that their internal corporate systems and operations were not impacted. They maintain continuous monitoring to detect any unusual activities. This incident followed another leak earlier in the week, involving Disney's Club Penguin game, suggesting a potential trend of targeting major companies. Cybersecurity and privacy news and trainings: https://dataleaks.org #github #cybersecurity #sourcecode #databreach #newyorktimes

🚨 The New York Times has reported a security breach involving stolen source code, facilitated by an exposed GitHub token. This incident underscores the critical need for robust access management and security protocols around sensitive resources. Learn about the implications of this breach and how to protect your digital assets. #Cybersecurity #SourceCodeTheft #GitHubSecurity"

Github repository is not to store tokens. Use password vault, secret manager or privileged access management solution for keeping your passwords, tokens, access keys, certificates. more importantly isolate the vault server and preferably use physical server instead of VM for credentials vault. Do not hard code credentials. Always put a tick on the checkbox of your code repository to not allow tokens at any commit. however it is not guarantee that it can stop all the commits, so educate the developers. moreover, scan your all public repositories regularly. Do not store tokens in any code repository. 😀 Do not underestimate identity and access management. Last but not the least, some people learn from A2Talks and some are taught by Mr. Hacker. Choice is yours. 😜 #databreach #cybersecurity

Significant Source Code Leak at The New York Times Following GitHub Token Exposure A security breach that spells caution for developers: The internal source code of The New York Times was leaked onto the 4chan platform after unauthorized access to the company’s GitHub repositories. An exposed GitHub token appears to be the culprit behind this breach. The attackers exploited this to access and exfiltrate data from the organization's software repositories. A “readme” included within the archive points to the misuse of the exposed token as the method of intrusion. This data theft incident is a stark reminder of the fragility of code security in the digital age. Stay Protected. Stay Secure. #cybersecurity #cyberattack #databreach #github #vulnerability #intrusion #hackers https://lnkd.in/dhrZ-wMS

Think you are immune to being hacked, infiltrated, compromised? Think again. Want to protect those critical digital assets? Think Goldilock. Reach out to our dynamic sales team - Steven Brodie (UK) and Jacob Myers (US) to see how you can take the next step in securing your most precious data and keep that confidential information, actually confidential. DM me anytime if you’d like an introduction. #hacked #cybersecurity #cybersecurityawareness #NYTimes #rethinkcyberprotection