CyberSecurity SEE

Stolen Access Tokens Cause Another Internet Archive Breach

The Internet Archive, the world’s largest digital library, has found itself in hot water once again after a series of cyber-attacks left users and media outlets concerned. After reportedly getting back on its feet following previous attacks, the digital library now faces a new breach involving stolen access tokens for its Zendesk account.

On October 20, Internet Archive users and media outlets received an email that appeared to be from the Internet Archive Team, sharing a stolen access token for the digital library’s Zendesk account. The email accused the Internet Archive of not properly rotating many exposed API keys from their GitLab secrets, leading to vulnerabilities.

The email stated that a Zendesk token with permissions to access over 800,000 support tickets sent to info@archive.org since 2018 was compromised. This breach potentially exposed sensitive information from users who had interacted with the Internet Archive, raising privacy concerns.

Although the email was unauthorized, it passed email security checks, suggesting it originated from an authorized Zendesk server. Security researchers commented that the perpetrators behind the breach still maintain access to the Internet Archive’s systems and are sending a message to the organization.

Cybersecurity experts emphasized the importance of conducting a full audit and implementing robust security measures to prevent future attacks. Jake Moore, a global cybersecurity advisor, highlighted the need for companies to act swiftly in auditing their systems following a breach to strengthen defenses against malicious actors.

The breach at the Internet Archive also involved the exposure of a GitLab configuration file on one of the organization’s development servers, services-hls.dev.archive.org. The hacker behind the breach claimed to have obtained an authentication token from this file, allowing them to download source code from the Internet Archive.

This source code likely contained API access tokens for the Internet Archive’s Zendesk customer support system, further compromising user data and support ticket information. The breach has raised concerns about the security practices of the Internet Archive and the challenges organizations face in preventing further exploitation after a cyber-attack.

While the Internet Archive and its founder, Brewster Kahle, have not addressed the stolen access tokens or the Zendesk-approved email, cybersecurity experts urge organizations to prioritize security measures to protect sensitive data and prevent unauthorized access.

Both the Internet Archive and GitLab were contacted for comment on the issue, but had not responded at the time of writing. The incident serves as a reminder of the ongoing threats posed by cyber-attacks and the importance of maintaining robust cybersecurity measures to safeguard digital assets and user information.
