In January 2024, attackers obtained an exposed GitHub token and accessed NYTimes repositories. Leveraging the exposed secret, the attackers exfiltrated 270GB of data, including source code, IT documentation, and infrastructure tools.
None of NYTimes' internal systems were exposed, but sensitive data about their freelancers was.
Today, a significant portion of traffic does not travel through your firewalls or API Gateway, especially communication between your third-party applications. This means you do not have visibility into how your sensitive data is being accessed and by whom.
NYTimes was breached through an attack vector that is very common these days: a compromised credential. Because the attackers gained access to “valid credentials”, it is almost impossible to detect that a nefarious actor is leveraging them.
Unless you have Vorlon. With Vorlon, the New York Times would have been alerted early to the new connection to their system, and Vorlon would have provided a few different alerts and alert types to notify them of the exfiltration of their data.
Here is a brief overview of some of those alerts:
Vorlon has the capability to help you secure your third-party applications and provide a level of visibility that is otherwise difficult to achieve.
Don’t rely on legal agreements with your vendor to secure your data. Take back control and give yourself a way to secure it.