Update 21/10/2024 — Following the hack in early October, the Internet Archive faces another security incident. Cybercriminals launched an email campaign following the new attack.
Several users who contacted the Internet Archive received an email last weekend. “It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets,” the hacker said in the email. The cybercriminal claims he was able to obtain user data via a Zendesk token, which gives access to more than 800,000 support tickets. These could include tickets with general questions or removal requests.
The email passed all authentication checks, showing that it was sent via a Zendesk server. The user reported to BleepingComputer that a recipient was asked to upload files for personal identification. Depending on access to Zendesk’s API, the hacker might also have access to the attachments.
Original – Hacker posts notification on Archive.org: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened!”
The Internet Archive took steps to remove the notification quickly. It posted a new message stating that the site was temporarily offline. Since then, the website has returned to full operation. Interestingly, during the mitigation steps, Brewster Kahle, the founder of Archive.org, reported that a DDoS attack hit the platform. Behind this attack was said to be the hacker collective BlackMeta.
The hacker, meanwhile, had captured 31 million account details. In his original post, he referred to evidence on the website Have I Been Pwned, a database that can be used to check if personal data has been breached. Many malicious actors share stolen data with Have I Been Pwned so that affected end users can be notified.
Have I Been Pwned has since confirmed the leak to BleepingComputer. More than a week ago, the hacker shared a 6.4 GB SQL file containing the authentication information of registered members, including email addresses, names, timestamps of password changes, and hashed passwords.
The hack presumably took place on Sept. 28, as the last password was changed on that date. Indeed, the file contains 31 million unique e-mail addresses, confirms Have I Been Pwned. The data will soon be added to the database, allowing users to enter their e-mail address to check if they have been affected.
Tip: Millions of credentials for Facebook, eBay and Yahoo leaked
Archive.org / have i been pwned / internet archive
"*" indicates required fields
OpenAI’s new artificial intelligence project, GPT-5, is behind schedu…
Customers know they have to do something with AI. But what exactly? T…
Cohesity has reached an agreement to acquire Veritas’ data protection…
Commvault is well known for backup solutions, but increasingly wants …
Microsoft unveiled a new feature at its Inspire event a few weeks ago…
A North Korean hacker campaign, “Contagious Interview,” targets software developers with fake job postings. T…
The search engine based on ChatGPT appears to be very sensitive to manipulation. This is possible with, for e…
A report by FortiGuard Labs warns of two newly discovered malicious Python packages. They pose a high risk of…
Cyber extortion claims a staggering number of victims every year, along with a growing number of active crimi…
Discover the essential strategies and imperatives to create a data an…
Some companies thrive in times of external uncertainty. They know how…
The IT department is currently under great pressure, partly because o…
As the software development life cycle becomes ever more complex and …
Techzine focusses on IT professionals and business decision makers by publishing the latest IT news and background stories. The goal is to help IT professionals get acquainted with new innovative products and services, but also to offer in-depth information to help them understand products and services better.
© 2024 Dolphin Publications B.V.
All rights reserved.
Français 
English