Internet Archive Breached, Again

The Internet Archive has been hit by a third security breach within the span of two weeks after a hacker managed to take control of the organization’s support system, Zendesk, and send messages to people who had submitted support requests.

In an email shared with BleepingComputer, the hacker says they were able to access the Internet Archive’s customer support ticket system through a Zendesk token. The threat actor claims to have access to “thousands” of support tickets dating back to 2018, including those from users who sent in personal identification documents to be removed from the web archive’s services.

Best VPNs we've tested and recommend:

Editor's Choice

Private Internet Access

Access content across the globe at the highest speed rate.

70% of our readers choose Private Internet Access

70% of our readers choose ExpressVPN

ExpressVPN

Browse the web from multiple devices with industry-standard security protocols.

Nord VPN

Faster dedicated servers for specific actions (currently at summer discounts)

“It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets,” the hacker wrote in an email, using the abbreviation “IA” to refer to the Internet Archive. “Whether you were trying to ask a general question or requesting the removal of your site from the Wayback Machine, your data is now in the hands of some random guy. If not me, it’d be someone else.”

The hacker has also been using the support ticket platform to send responses to users who’ve reached out to the Internet Archive for other reasons. The emails contain the same message as the email shared with BleepingComputer, indicating that the threat actor has control of multiple Zendesk accounts.

It’s not clear which threat actor is behind the latest Internet Archive breach, but the intrusion complicates the already messy situation with the Web Archive’s security. On October 9, a hacker leaked 7TB of the Internet Archive’s source code, user database, and more after accessing the data through a GitLab token that had been exposed since 2022. Then, a separate attacker launched a DDoS attack against the Internet Archive in an attempt to take the site offline, leading to the Web Archive temporarily shuttering.

The Internet Archive has had a hell of a month, and it’s not over yet. After a hacker leaked 7 terabytes of the web archive’s data and a separate attacker launched distributed denial-of-service (DDoS) attacks against the site, the Internet Archive founder Brewster Kahle decided to take the entire platform offline to patch security holes.

The Internet Archive returned in read-only mode, with the Wayback Machine Internet archive, the Internet Archive’s blog, and Archive-It.org (a tool for creating and managing web archives) available to view but not to update. In an update on Sunday, the Internet Archive said that it would be keeping the read-only version of its site up for “several more days” as it continued to work on security.

“We’re taking a cautious, deliberate approach to rebuild and strengthen our defenses,” the Internet Archive wrote. “Our priority is ensuring the Internet Archive comes online stronger and more secure.”