Internet Archive Breached, Again

The Internet Archive has been hit by a third security breach within the span of two weeks after a hacker managed to take control of the organization’s support system, Zendesk, and send messages to people who had submitted support requests.

In an email shared with BleepingComputer, the hacker says they were able to access the Internet Archive’s customer support ticket system through a Zendesk token. The threat actor claims to have access to “thousands” of support tickets dating back to 2018, including those from users who sent in personal identification documents to be removed from the web archive’s services.

“It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets,” the hacker wrote in an email, using the abbreviation “IA” to refer to the Internet Archive. “Whether you were trying to ask a general question or requesting the removal of your site from the Wayback Machine, your data is now in the hands of some random guy. If not me, it’d be someone else.”

The hacker has also been using the support ticket platform to send responses to users who’ve reached out to the Internet Archive for other reasons. The emails contain the same message as the email shared with BleepingComputer, indicating that the threat actor has control of multiple Zendesk accounts.

It’s not clear which threat actor is behind the latest Internet Archive breach, but the intrusion complicates the already messy situation with the Web Archive’s security. On October 9, a hacker leaked 7TB of the Internet Archive’s source code, user database, and more after accessing the data through a GitLab token that had been exposed since 2022. Then, a separate attacker launched a DDoS attack against the Internet Archive in an attempt to take the site offline, leading the Web Archive to shut down temporarily.

The Internet Archive has had a hell of a month, and it’s not over yet. After a hacker leaked 7 terabytes of the web archive’s data and a separate attacker launched distributed denial-of-service (DDoS) attacks against the site, the Internet Archive founder Brewster Kahle decided to take the entire platform offline to patch security holes.

The Internet Archive returned in read-only mode, with the Wayback Machine Internet archive, the Internet Archive’s blog, and Archive-It.org (a tool for creating and managing web archives) available to view but not to update. In an update on Sunday, the Internet Archive said that it would be keeping the read-only version of its site up for “several more days” as it continued to work on security.

“We’re taking a cautious, deliberate approach to rebuild and strengthen our defenses,” the Internet Archive wrote. “Our priority is ensuring the Internet Archive comes online stronger and more secure.”
