The Internet Archive confirmed its third significant security breach within the month, highlighting a troubling pattern of escalating cyberattacks. This latest incident involved hackers exploiting unrotated Zendesk  API tokens, which allowed unauthorized access to the platform managing user support tickets. Despite prior warnings and multiple breaches earlier in October, the organization failed to secure its systems adequately, leaving sensitive user data vulnerable to exploitation.

 

A Series of Attacks

The recent breach is part of a broader wave of cyberattacks that began on October 9, 2024. During this initial incident, hackers executed a dual assault involving a data breach and a Distributed Denial of Service (DDoS) attack. They took advantage of an exposed GitLab token that had been vulnerable since late 2022, gaining access to the Internet Archive’s source code and compromising personal information from approximately 31 million users. This included email addresses and hashed passwords.

Simultaneously, a pro-Palestinian group named SN_BlackMeta  launched a DDoS attack that overwhelmed the Archive’s servers, temporarily disrupting access to its services. While these two attacks occurred concurrently, they were orchestrated by different groups, complicating the narrative surrounding the breaches.

 

The Second Breach: Mid-October

Following the initial breach, a second incident occurred in mid-October. Hackers again exploited unrotated access tokens to gain unauthorized entry into the Internet Archive's Zendesk support platform. This breach allowed attackers to access thousands of support tickets dating back to 2018, potentially exposing sensitive personal identification documents submitted by users.

The failure to rotate API tokens after earlier warnings underscored critical flaws in the Archive’s security practices. These oversights not only facilitated unauthorized access but also highlighted the organization’s inadequate response to previous incidents.

 

The Latest Breach: October 20

The most recent breach on October 20 continued the trend of exploiting unrotated Zendesk API tokens. By failing to replace these compromised tokens, the Internet Archive allowed attackers to maintain access to its support platform, where sensitive user data was stored. This included support tickets containing personal identification documents from users requesting content removal from the Archive's services.

The repeated exploitation of the same vulnerabilities raises serious questions about the effectiveness of the Internet Archive's cybersecurity measures and its ability to protect user data.

 

Implications for Users

The ramifications of these breaches are profound. If sensitive documents and personal information were accessed and downloaded by hackers, affected users face heightened risks of identity theft and fraud. The potential for phishing attacks also increases as cybercriminals may leverage stolen data to craft convincing fraudulent communications.

The Internet Archive serves as a crucial resource for millions of researchers, historians, and the general public. With its mission centered around providing universal access to knowledge, these security lapses jeopardize not only user trust but also the integrity of its vast digital repository.

 

Motivations Behind the Attacks

While financial gain is often a primary motivator for cyberattacks, this series appears driven more by reputational factors within underground hacker communities. By breaching a well-known organization like the Internet Archive, hackers can enhance their status among peers while exposing significant vulnerabilities in public institutions.

No ransom demands have been reported; however, the stolen data poses risks for future phishing attempts and identity theft. The ongoing attacks suggest that hackers are keenly aware of the Archive's importance as a digital repository and are exploiting its vulnerabilities for notoriety rather than monetary gain.

 

Response from the Internet Archive

As of now, efforts are underway at the Internet Archive to bolster security measures in light of these breaches. The organization has temporarily shut down parts of its site while it works on restoring services securely. Founder Brewster Kahle has emphasized a careful approach to rebuilding defenses and ensuring that such incidents do not recur in the future.

In light of these events, users are encouraged to remain vigilant about their personal information and be aware of potential phishing attempts that may arise following these breaches.

 

Conclusion

The recent series of cyberattacks on the Internet Archive underscores a growing threat landscape for nonprofit organizations dedicated to preserving digital history. With multiple breaches occurring within weeks of each other, it is imperative for such institutions to prioritize cybersecurity measures and protect user data effectively. As this situation develops, both users and stakeholders will be closely monitoring how the Internet Archive addresses these vulnerabilities moving forward.