I wonder if it was unintentional and some stupid caching setup returning dirty caches (and then more likely returning USA Today because that’s the most likely to have caused the first cache hit).

I've also seen similar behavior with thread-unsafe code (the time I saw something like this was very painful -- email messages were generated at about the same time in parallel, and most were sent to the wrong recipients.)

Congrats, you were right on the money: https://news.ycombinator.com/item?id=30623408

That would be my guess too. Someone set up OpenRTB in a development environment where caching was disabled or only one page was getting requests, so the inappropriate caching wasn't detected -- and, because the cached page data would have the same overall distribution as real requests, it would have taken a while for someone to notice the page data was wrong.

This thread from the publisher addresses this: https://twitter.com/burk504/status/1501618260466233344

Doesn't the request for the header bid include the Referer HTTP header? Wouldn't this be easy to detect?

From looking at their examples, they don't populate the 'ref' field of the ortb2 structure.

There's an argument to be made here that the advertiser isn't being completely deceived because they're choosing to accept data without a 'ref' field which means they don't know or care - beyond keywords - what page the advert ends up on.