The Internet Archive remains in trouble: according to unnamed claims made on Sunday, it suffered a second breach days after falling prey to a security incident that exposed 31 million unique user authentication records.
The second breach came to light when a number of users who had requested to have their data removed from the hacked “Wayback Machine” received emails, routed through the compromised Zendesk mailer, stating that the non-profit library had been hacked and was doing nothing about it.
“It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their Gitlab secrets,” the threat actor wrote in the message that was sent to the users from the hacked Zendesk mailer.
The threat actor, who this time used the hack to send out a mass email blast, emphasized that the emails themselves were possible because of the Internet Archive’s oversight: the Zendesk token used to send them was part of the stolen database.
On October 9, news of an Internet Archive breach broke, with reports of miscreants scooping up a 6.4 GB SQL file from the Wayback Machine servers, allegedly containing 31 million unique user records.
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” read a JavaScript alert shown on the compromised archive.org site.
Hours later, Brewster Kahle, group chairman at the Internet Archive, confirmed the attack on X. “Sorry, but DDOS folks are back and knocked http://archive.org and http://openlibrary.org offline,” he said in the post. “@internetarchive is being cautious and prioritizing keeping data safe at the expense of service availability.”
In a follow-up post, however, Kahle said “DDoS fended-off for now.” It was done, he clarified, by disabling the affected JS library, scrubbing systems, and upgrading security.
In the emails that users received on Sunday, the threat actor said the stolen tokens could still be used because the Internet Archive had still not rotated them. These included “a ZenDesk token with permissions to access 800k+ support tickets sent to info@archive.org since 2018.”
It is important to note that a large number of registered users remain at risk at least until that rotation is performed. The hacked database holds authentication details for registered users, such as their email addresses, screen names, password modification timestamps, Bcrypt-hashed passwords, and other internal information.
“Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine - your data is now in the hands of some random guy. If not me, it’d be someone else,” the email added.
Shweta Sharma is a senior journalist covering enterprise information security and digital ledger technologies for IDG’s CSO Online, Computerworld, and other enterprise sites.