The Internet Archive has once again been the victim of a cyber breach. This time, the attack targeted the organisation’s Zendesk email support platform following a failure to rotate stolen GitLab authentication tokens. The latest incident exposes about 7TB of sensitive support ticket data since 2018, raising serious concerns about IA’s security practices.
On October 9th, multiple Internet Archive users began receiving alarming emails regarding their previous support requests. These emails, verified through authentication protocols such as DKIM, DMARC, and SPF, came from IA’s authorised Zendesk server.
They revealed that a threat actor accessed over 800,000 support tickets, potentially including personal identification documents uploaded by users during requests for content removal from the Wayback Machine.
The breach was linked to stolen GitLab authentication, which the Internet Archive was warned about weeks prior, reports Bleeping Computer. Despite this the organisation failed to rotate many of the exposed API keys.
According to the hacker, the failure to secure these credentials led to unauthorised access to the Zendesk system. “It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets,” the hacker said in an email.
This breach is part of a larger security crisis that began with the exposure of a GitLab configuration file on IA’s development server. The file, which included an authentication token, had been publicly accessible for nearly two years, dating back to December 2022. Using this token, the hacker accessed the organisation’s source code, downloaded user data, and compromised additional services, including the Zendesk platform.
Cybersecurity experts are still unsure about the full extent of the breach. They have also warned that the possibility of further exploitation of this data is real and concerning. The data may also end up on various hacking forums and underground networks.
Earlier, the Internet Archive suffered a cyber attack that compromised the personal data of 33 million users. This attack occurred in tandem with a DDoS attack by a threat actor known as SN_BlackMeta. However, SN_BlackMeta was not responsible for the data breach but only for DDoS attacks.
In the News: Delhi HC issues an official investigation into WazirX