ЦиберСецурити СЕЕ

Internet Archive experiences second breach within days

Internet Archive, a non-profit digital library, suffered a second hack due to a failure to rotate authentication tokens, as reported by CSO Online. The incident unfolded as Brewster Kahle, group chairman at Internet Archive, confirmed a Distributed Denial of Service (DDoS) attack on the organization’s websites, archive.org and openlibrary.org. In a Twitter post, Kahle expressed regret over the attack, which disrupted service availability as a precautionary measure to ensure data safety.

Hours later, Kahle provided an update stating that the DDoS attack had been successfully fended off by the implementation of security measures including disabling the affected JavaScript library, system scrubbing, and security upgrades. However, the respite was short-lived as Internet Archive faced a second breach resulting from a failure to rotate authentication tokens.

Users received emails from the threat actor highlighting the loophole in Internet Archive’s security practices. The hacker claimed that the stolen tokens were still valid because Internet Archive had neglected to rotate them. Specifically, the communication mentioned a Zendesk token with access permissions to over 800k support tickets sent to info@archive.org since 2018.

The revelation of the unrotated authentication tokens exposed the vulnerability in Internet Archive’s security protocols, raising concerns about data security and privacy. This incident underscores the importance of regular security audits, timely rotation of authentication tokens, and robust cybersecurity practices to safeguard sensitive information from malicious threats.

Internet Archive has yet to release an official statement addressing the second hack and the implications of the unrotated tokens. The organization is expected to strengthen its security and implement measures to prevent similar incidents in the future. As the investigation into the breach continues, Internet Archive faces scrutiny over its data protection policies and response to cybersecurity threats.

In conclusion, the second hack on Internet Archive serves as a stark reminder of the persistent cyber threats faced by organizations in the digital age. The breach underscores the critical importance of proactive cybersecurity measures and continuous monitoring to mitigate risks and protect data integrity. Internet Archive’s response to the incident will be closely monitored as stakeholders assess the impact of the breach on user trust and confidence in the organization’s security practices.
