The Internet Archive (Archive.org) suffered a second security breach in October 2024, which exposed support tickets via unrotated Zendesk API tokens. The organization faces reputational damage and risks to user data.

The Internet Archive, a non-profit organization founded by Brewster Kahle to preserve Internet history, experienced a series of cyberattacks during October 2024. It all started on October 9 with a double attack: a data leak and a distributed denial of access. -Service (DDoS) attacks that were immediately reported to Hackread.com.

The attack came to light through a message displayed on the Internet Archive website (archive.org), where the hackers themselves mocked the organization’s security vulnerabilities and announced the stolen data on a website called “Have I Been Pwned?” (CLBD).

Hackers reportedly took advantage of the GitLab token, compromising Archive’s source code and stealing user data from 31 million accounts. This exposed sensitive information including Bcrypt hashed passwords and email addresses.

Around the same time, the pro-Palestinian group SN_BlackMeta launched another DDoS attack, temporarily taking down the site, including the Wayback Machine, which collects snapshots of hundreds of billions of web pages. Although these attacks coincided, they were most likely carried out by separate organizations.

18 October Calais confirmed that the data stored is secure and that “Wayback Machine, Archive-It, scanning and scanning of national libraries have resumed.” He also said the organization is taking a cautious approach to rebuilding and strengthening defenses.

However, on October 20, 2024, the Internet Archive experienced another security breach when hackers used unrotated Zendesk API tokens to access its support platform. The hack exposed thousands of support tickets dating back to 2018 and potentially containing identification documents, and also revealed a serious flaw in the Archive’s security practices that resulted in the inability to regularly rotate access tokens.

What about the Internet Archive now?

The archive has suffered numerous hacks due to vulnerabilities in its infrastructure, which allowed attackers to gain access to user data. The attacks are believed to have been motivated by reputation rather than financial gain as the hackers sought recognition within hacker communities. Although no ransom demands have been made, stolen data poses risks such as phishing attacks and identity theft.

The Internet Archive has not yet commented on the recent hack. However, given that it serves as a critical repository of historical digital information, the series of attacks raises concerns about the long-term security of this digital treasure and highlights the importance of taking strong cybersecurity measures. Regular security audits, secure coding practices, and rapid response to vulnerabilities are essential to protecting user data and critical infrastructure.

RELATED TOPIC

1. DDoS attacks hit France due to the arrest of Telegram owner Pavel Durov
2. Archive of our own website, which suffered from massive DDoS attacks
3. Explore the US Government’s Updated DDoS Defense Guidance
4. Panamorfi DDoS attack exploits misconfigured Jupyter notebooks
5. Misconfigured AWS bucket exposed 421 GB of Artwork Archive data