The Internet Archive Faces Another Cyber-Attack: Stolen Access Tokens and Data Breach
Just when it seemed that the Internet Archive had recovered from a recent wave of cyber-attacks, the world’s largest digital library finds itself in hot water once again.
On October 20, reports surfaced of Internet Archive users and media outlets receiving an email claiming to be from the Internet Archive Team, sharing a stolen access token for the digital library’s Zendesk account. Zendesk is a customer service platform used for managing support tickets.
The email accused the Internet Archive of failing to rotate many exposed API keys, including a Zendesk token with access to over 800,000 support tickets sent to info@archive.org since 2018.
The message was blunt: “Your data is now in the hands of some random guy. If not me, it’d be someone else.”
While the email appeared to be from an unauthorized source, it passed email security checks, indicating it may have originated from an authorized Zendesk server.
Security experts believe that the attack was a message from the hackers, showing that they still have persistent access and are not afraid to make their presence known.
Exposed GitLab Configuration File
The cyber-attacks on the Internet Archive included DDoS attacks, website defacement, and a data breach. The pro-Palestinian hacktivist group BlackMeta claimed responsibility for the DDoS attacks, but the data breach may have involved a different threat actor.
According to reports, the hacker behind the breach obtained an exposed GitLab configuration file from one of the organization’s development servers. This file contained an authentication token that allowed the attacker to download the Internet Archive’s source code, which potentially included API access tokens for Zendesk.
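As a defender-side illustration of the exposure described above, the following added example (not code from the Internet Archive, GitLab, or the original reporting) audits a configuration file for credentials embedded in repository URLs. It assumes the file uses git's INI-style config format with the token in the URL's userinfo part; the sample config, host name, and token are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed sample (not from the incident): a git-style config whose
# remote URL carries a placeholder token in the userinfo part.
SAMPLE_CONFIG = """\
[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://deploy-bot:EXAMPLE-TOKEN-0000@gitlab.example.org/team/site.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = git@gitlab.example.org:team/site.git
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
KEYVAL_RE = re.compile(r"^([\w.-]+)\s*=\s*(.*)$")


def find_embedded_credentials(config_text):
    """Return one finding per http(s) URL value that embeds credentials."""
    findings = []
    section = None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        pair = KEYVAL_RE.match(line)
        if not pair:
            continue
        key, value = pair.groups()
        parts = urlsplit(value)
        # Userinfo on an http(s) URL is a stored secret; scp-style
        # git@host:path remotes have no scheme and are not flagged.
        if parts.scheme in ("http", "https") and (parts.username or parts.password):
            host = parts.netloc.rsplit("@", 1)[1]
            redacted = parts._replace(netloc="<redacted>@" + host).geturl()
            findings.append({"line": lineno, "section": section,
                             "key": key, "redacted_url": redacted})
    return findings


if __name__ == "__main__":
    for f in find_embedded_credentials(SAMPLE_CONFIG):
        print(f"line {f['line']} [{f['section']}] {f['key']}: {f['redacted_url']}")
```

Findings carry only a redacted URL, so the audit output can be logged or ticketed without spreading the secret further; any token it flags should be treated as exposed and rotated.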
This incident highlights the importance of companies conducting thorough audits and taking swift action to strengthen their defenses against future attacks.
While the Internet Archive has not publicly commented on the breach, experts emphasize the need for organizations to have a clear view of access relationships and the ability to intervene directly in the event of a security incident.
As the cybersecurity landscape continues to evolve, companies must remain vigilant and proactive in safeguarding their data and systems.
For now, both the Internet Archive and GitLab have remained silent on the issue, but the cybersecurity community watches closely for any updates or responses to this latest breach.