Internet Archive Hacked: Unrotated API Tokens Led To Data Exposure

The Internet Archive, a non-profit digital library, has disclosed its third security incident in recent weeks. Attackers exploited unrotated Zendesk API tokens in the latest incident, which occurred on 20 October. These tokens granted them access to the support ticket management software.

The Internet Archive, developed by Brewster Kahle in 1996, aims to provide “universal access to all knowledge.” It’s best known for the Wayback Machine, which archives webpages and allows users to see how they appeared in the past. Historians, scholars, and the general public all benefit significantly from this resource.

This breach marks the third attack this month, underscoring the persistent security challenges faced by the non-profit digital library. The disclosure was made in an email sent on Sunday to individuals who interacted with the Internet Archive (IA) and had their queries processed using Zendesk, the customer care platform.

Internet Archive Library Services Director Chris Freeland disclosed Monday night that a hacker had sent emails to users by taking advantage of a third-party helpdesk system.

Compromised Zendesk Emails Used in the Internet Archive Data Breach (BleepingComputer)

The incident began on 9 October with a synchronised dual attack involving a data breach and a distributed denial-of-service (DDoS) attack. The hack was made public when the attackers criticised the Internet Archive’s vulnerabilities in a statement on its website (archive.org). They also disclosed the stolen information on the well-known breach reporting portal “Have I Been Pwned?”.

A popup message from the attackers was shown on the Internet Archive webpage (Hackread)

The Vx-underground security research group commented on X:

It appears that the person(s) who compromised The Internet Archive still maintain some form of persistent access and are trying to send a message.

The Internet Archive said it was moving closer to resuming operations after several cybersecurity events forced it offline. Over the weekend, however, a hacker sent an email to everyone who had been in touch with the organisation.

Attackers wrote:

It’s dispiriting to see that even after being made aware of the breach 2 weeks ago, Internet Archive has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.

Hackers Exploited Unrotated GitLab Token in Internet Archive Breach

On October 9, 2024, the Internet Archive faced two simultaneous attacks. One was a DDoS attack purportedly executed by a pro-Palestinian organisation known as SN_BlackMeta, while the other was a data breach that exposed the personal information of 33 million people.

Even though they occurred at the same time, different threat actors were responsible for each attack. Many media sites incorrectly stated that SN_BlackMeta was responsible for both the data leak and the DDoS attack.

On October 20, 2024, the Internet Archive suffered yet another breach. Hackers gained access to its Zendesk helpdesk system by using API tokens that had not been rotated.

The breach exposed thousands of support tickets, some dating back to 2018, which may have included personal identification documents. The incident exposed a serious weakness in the Archive's security processes, including a failure to rotate access tokens on a regular basis.

Git Configuration and History Exposed (BleepingComputer)

As of Monday, Freeland informed users that archive.org was operational again, though in read-only mode. Essential services such as uploading, borrowing, reviews, and interlibrary loans remain unavailable.

Multiple breaches at the Internet Archive stemmed from infrastructure vulnerabilities, granting hackers access to user data. Rather than seeking financial gain, the hackers appeared to desire recognition within their communities.

The compromised data could potentially lead to identity fraud and phishing attempts, despite no ransom demands being made. The Internet Archive has not yet issued a formal statement regarding the incident.

These attacks raise important questions about the long-term security of this critical resource, given its role as a major repository of digital history. Protecting user data and infrastructure requires robust cyber-security measures, such as frequent audits, secure coding practices, and prompt responses to vulnerabilities.
