126

The New York Times source code leaked by a 4chan user (stackdiary.com)

submitted 4 months ago by geese_feces@hexbear.net to c/technology@hexbear.net

23 comments fedilink hide all child comments

A user on the online forum 4chan has leaked a massive 270GB of data belonging to The New York Times. This leak includes the source code for the newspaper’s digital operations.

Here are some other findings we can confirm:

The leak does have the original source code of the game Wordle, which the NY Times acquired in 2022.

The leak includes a dated WordPress database of 1,500 NY Times Education site users. The database contains names and surnames, email addresses, and hashed passwords. You should expect it to be added to HIBP shortly.

Several folders contain internal communications from NY Times Slack channels.

Times uses various machine learning algorithms and NLP techniques/scripts for its services.

Many exposed authentication methods exist, including authentication URLs and their respective passwords, secret keys, and API tokens. The majority are well protected, but plenty of such secrets need immediate attention. We have also seen private user keys used for authentication.

There are a lot of details about internal NY Times architecture from a software development point of view.

So far, it is difficult to say whether the NY Times will need to reset the passwords for everyone who is a member of its site.

It’s worth pointing out that this leak appears to involve data from The New York Times’s IT/infrastructure/website organization rather than the news organization composed of reporters. In media companies, these two entities are largely separate. The IT/infrastructure team handles the technical aspects of the website and digital operations, while the news organization manages reporting and editorial content.

all 26 comments

sorted by: hot top controversial new old

[-] RION@hexbear.net 76 points 4 months ago

Several folders contain internal communications from NY Times Slack channels.

My body is ready

[-] Angel@hexbear.net 21 points 4 months ago

[-] MaoTheLawn@hexbear.net 15 points 4 months ago

When will that stuff be released?

[-] BountifulEggnog@hexbear.net 11 points 4 months ago* (last edited 4 months ago)

I haven't looked over the leak myself, but it is available online. Not sure if I can/should post the torrent though. But if you look around I'm sure you can find it.

[-] RION@hexbear.net 6 points 4 months ago

¯\_(ツ)_/¯

[-] ElChapoDeChapo@hexbear.net 5 points 4 months ago

sicko-pog

[-] Gay_Tomato@hexbear.net 62 points 4 months ago

The leak does have the original source code of the game Wordle, which the NY Times acquired in 2022.

sicko-wholesome

[-] kristina@hexbear.net 37 points 4 months ago

...so? Isn't that just like a normal website

[-] Diuretic_Materialism@hexbear.net 51 points 4 months ago

Several folders contain internal communications from NY Times Slack channels.

There potentially could be something interesting in there

[-] alexandra_kollontai@hexbear.net 4 points 4 months ago

magnet link is in this thread if you want to try dig up some liberalism: https://boards.4chan.org/t/thread/1310643#p1310643

I have no goddamn idea why the tracker links are like that. average 4chan stuff I guess

[-] emizeko@hexbear.net 37 points 4 months ago

The New York Times has over 5,000 source code repositories

that seems like a lot

[-] chickentendrils@hexbear.net 34 points 4 months ago* (last edited 4 months ago)

Something weird about that figure. Branches within repos maybe, otherwise those are mostly junk or their supply chain attack security requirements had them cloning and building themselves the repos of every open source library they've ever used for vulnerability scans.

[-] glans@hexbear.net 20 points 4 months ago* (last edited 4 months ago)

the article links to this list of repos https://files.catbox.moe/jx7ksm.txt and says is 6200 lines long.

i am not framiliar enough with this kind of development to know if this is a reasonable structure for this kind of large project. anyone?

[-] flan@hexbear.net 19 points 4 months ago* (last edited 4 months ago)

Looks like they put each of their modules in a separate repo. This wouldn't be a single project. NYTimes is a pretty huge operation. They obviously have their website but they also have apps, infrastructure to ingest and process whatever media they get, infrastructure for ads, games, security (lol), user account management, billing, legal, etc etc.

it's possible this is organized differently in their source control and it appears kinda disorganized because we're looking at it flattened.

[-] blobjim@hexbear.net 11 points 4 months ago* (last edited 4 months ago)

It's probably just every repository name on their spurce control management server. Users can usually create their own repositories whenever. So a bunch if these could just be random little experiments or side projects people made.

[-] RedWizard@hexbear.net 6 points 4 months ago

Spruce Control is all the rage these days, but what about Douglass Fir Control?

[-] came_apart_at_Kmart@hexbear.net 34 points 4 months ago

the source code that serves up news content is 500 MB.

the rest is for interactive pop ups and mobile layout breaking, random spontaneous, invisible click boxes to makenit so you accidentally activate an ad when trying to watch, pause, close or otherwise interact with a video.

it is some of the most cutting edge website complicating code ever written.

[-] dch82@lemmy.zip 1 points 4 months ago

500MB? What the heck? That’s literally 350 or so floppies or so many win95 installs

[-] Awoo@hexbear.net 18 points 4 months ago

So do we think this is a random person or?

Every leak that specifically happens on 4chan I tend to assume is a cia op that uses 4chan because they want to promote it.

[-] Nakoichi@hexbear.net 19 points 4 months ago

Either that or it's where people go to leak shit from inside. Wouldn't rule out this being some rogue comrade.

this post was submitted on 08 Jun 2024

126 points (100.0% liked)

technology

23238 readers

259 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 4 years ago

MODERATORS

Jadzia_Dax@hexbear.net

blashork@hexbear.net

context@hexbear.net

EmmaGoldman@hexbear.net

SexUnderSocialism@hexbear.net

gaycomputeruser@hexbear.net

ZoomeristLeninist@hexbear.net