The New York Times warned several of its freelance partners that their data may have been stolen in a recent attack on their GitHub repositories.
It recently emerged that a hacker had posted source code belonging to the New York Times Company on the anonymous image board 4chan.
The archive contained some 5,000 repositories and 3.6 million files, which were available for download over peer-to-peer networks. Among the files were Wordle blueprints, email marketing campaign information, advertising reports, and more.
Phishing with job ads
At this time, we don't know how many freelancers are affected by the breach, but we do know that the hackers stole their full names, along with a combination of phone numbers, email addresses, postal addresses, nationality, biographies, and website . URLs and social media identifiers.
In some cases, attackers also obtained information relevant to different assignments, such as diving or drone certifications, or access to specialized equipment.
“The New York Times recently communicated to some of our contributors about an incident that resulted in the exposure of some of their personal information,” a Times spokesperson said. beepcomputer. “We sent this note to independent visual contributors who have worked for The Times in recent years. We have no indication that the data exposure has extended to full-time newsroom staff or other contributors.”
Cybercriminals could put that data to good use to mount highly disruptive phishing attacks. For example, North Korean state-sponsored hackers Lazarus Group were seen creating fake job advertisements and distributing information thieves disguised as job requirement documents. One of these attacks resulted in the theft of over $500 million from a cryptocurrency company.
Freelancers are always looking for new job opportunities, which could make them more susceptible to phishing emails compared to the average consumer. Especially if the new work apparently comes from the New York Times.
