TechTarget and Informa Tech’s Digital Business Combine.TechTarget and Informa
Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.
This latest breach was through Zendesk, a customer service platform that the organization uses.
October 21, 2024
Just a few days after the Internet Archive told the public it was getting back on its feet after a data breach and a barrage of distributed denial-of-service (DDoS) attacks forced it to go offline, the digital library website is once again in trouble.
Unknown bad actors have allegedly claimed access tokens to the archive's Zendesk implementation, using them to send a mass email on Oct. 20 to those who tried to interact with the archive's platform.
"Internet Archive did not secure its authentication tokens, which enabled unauthorized access to their Zendesk instance," a Zendesk spokesperson told Dark Reading. "It’s important to note that there is no evidence this was a Zendesk issue and that Zendesk did not experience a compromise of its platform. We have since worked together with Internet Archive to secure their account."
The hacker's email to archive users began as follows:
"It's dispiriting to see that even after being made aware of the breach two weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets," the hacker stated. “As demonstrated by this message, this includes a Zendesk token with perm[ission]s to access 800K+ support tickets sent to [email protected] since 2018."
The email continued, "Whether you were trying to ask a general question or requesting the removal of your site from the Wayback Machine — your data is now in the hands of some random guy. If not me, it'd be someone else."
Though it can’t be said for certain, Chris Hickman, chief security officer (CSO) of Keyfactor, said the hacker may not have serious malicious intent, but instead wants to prove a point: that those in charge of the Internet Archive must be more proactive in protecting its network from those who would do much worse.
"This is a security oversight as tokens that are not rotated regularly have longer lifespans, increasing the window of opportunity for attackers to steal and misuse them," Hickman wrote in an emailed statement to Dark Reading. "If a token is not rotated correctly, it might expire, leading to authentication failures for legitimate users. If a malicious actor obtains an unrotated token, they could use it to gain unauthorized access to systems or services, leading to service disruptions and customer frustration, damaging a company's reputation and bottom line."
The organization hasn't made any public comments regarding the latest breach, but it did request donations last week to help support its endeavors of promoting open access to knowledge resources.
Dark Reading Staff
Dark Reading
Dark Reading is a leading cybersecurity media site.
You May Also Like
Securing Your Cloud Data Across the Attack Timeline
The Artificial Future Trend Micro Security Predictions for 2025
Managing Third-Party Risk Through Situational Awareness
2024 InformationWeek US IT Salary Report
Securing Your Cloud Data Across the Attack Timeline
The Artificial Future Trend Micro Security Predictions for 2025
Delivering Incident Response Excellence: How Wipro enhances customer services with automated investigation and response
From security alert to action: Accelerating incident response with automated investigations
Enhancing Cybersecurity: The Critical Role Of Software Security Training
Frost Radar: Cloud Security Posture Management, 2024
Purple AI Datasheet
Copyright © 2024. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.
Français 
English