Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

New York Times warns freelancer journalists their data may have been stolen in cyberattack

Wordle on New York Times.

The New York Times has warned a number of its freelance associates that their data may have been stolen in a recent attack on its GitHub repositories.

News recently broke of a hacker posting source code belonging to the New York Times Company on the anonymous imageboard, 4chan. 

The archive contained some 5,000 repositories, and 3.6 million files, which were made available for download via peer-to-peer networks. Among the files were Wordle blueprints, email marketing campaign information, ad reports, and more.

Phishing with job ads

At this time, we don’t know how many freelancers are affected by the breach, but we do know that the hackers stole their full names, together with a combination of either phone numbers, email addresses, postal addresses, nationality, biographies, website URLs, and social media handles.

In some cases, the attackers also obtained information relevant to different assignments, such as diving or drone certifications, or access to specialized equipment.

"The New York Times recently communicated to some of our contributors regarding an incident that resulted in the exposure of some of their personal information," a Times spokesperson told BleepingComputer. "We sent this note to freelance visual contributors that have done work for The Times in recent years. We don’t have indications the data exposure extended to full-time newsroom staff or other contributors."

Cybercriminals could make good use of such data, to mount highly disruptive phishing attacks. For example, North Korean state-sponsored hackers, Lazarus Group, were seen  making fake job ads and distributing infostealers masqueraded as job requirement documents. One of these attacks resulted in the theft of more than half a billion dollars from a cryptocurrency company.

Freelancers are always looking for new job opportunities, which could make them more susceptible to phishing emails, compared to the average consumer. Especially if the new gig seemingly comes from the New York Times.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.