Internet Archive (Archive.org) Hacked for Second Time in a Month


The Internet Archive (Archive.org) suffered a second security breach in October 2024, exposing support tickets through unrotated Zendesk API tokens. The organization faces reputational damage and risks to user data.

The Internet Archive, a non-profit organization founded by Brewster Kahle to preserve the Internet’s history, has been experiencing a series of cyberattacks throughout October 2024. It all started on October 9th with a dual attack: a data breach and a Distributed Denial-of-Service (DDoS) attack, which were promptly reported by Hackread.com.

The attack was revealed by a message displayed on the Internet Archive’s website (archive.org), in which the hackers themselves taunted the organization over its security vulnerabilities and announced the stolen data on a website called “Have I Been Pwned?” (HIBP).

Reportedly, the hackers exploited a GitLab token, compromising the Archive’s source code and stealing user data from 31 million accounts. This exposed sensitive information, including Bcrypt-hashed passwords and email addresses.

A pro-Palestinian group, SN_BlackMeta, launched another DDoS attack around the same time, temporarily knocking the site offline, including the Wayback Machine, which collects snapshots of hundreds of billions of web pages. While these attacks coincided, they were likely conducted by separate entities.

On October 18, Kahle confirmed that stored data is safe and that “Wayback Machine, Archive-It, scanning, and national library crawls have resumed.” He also stated that the organization is taking a cautious approach to rebuilding and strengthening defences.

However, the Internet Archive experienced another security breach on 20 October 2024, in which hackers exploited unrotated Zendesk API tokens to access its support platform. The breach exposed thousands of support tickets dating back to 2018, potentially containing personal identification documents, and highlighted a critical lapse in the Archive’s security practices: a failure to rotate access tokens regularly.

According to online malware repository VX-Underground, “The Internet Archive users are reporting to have received this e-mail. It appears that the person(s) who compromised The Internet Archive still maintain some form of persistent access and are trying to send a message.”

What Now for the Internet Archive?

The Archive suffered multiple breaches due to vulnerabilities in its infrastructure, allowing attackers to access user data. It is speculated that the attacks were motivated by reputation rather than financial gain, with hackers seeking recognition within hacker communities. Although no ransom demands were made, the stolen data poses risks like phishing attacks and identity theft.

The Internet Archive hasn’t yet commented on the recent breach. Nevertheless, considering that it serves as a crucial repository of historical digital information, the series of attacks raises concerns about the long-term safety of this digital treasure trove and underscores the importance of strong cybersecurity measures. Regular security audits, secure coding practices, and prompt responses to vulnerabilities are essential for protecting user data and critical infrastructure.
