The Internet Archive, a non-profit digital library, has been hit by another cyberattack just two weeks after a previous data breach and DDoS attacks took the website offline. The hacker responsible for the latest breach responded to an email from Mashable, revealing they have access to over 800,000 support tickets sent to the organization since 2018. These tickets could contain sensitive information, as users often provide identification when requesting content removal from the Wayback Machine.
The initial attack exposed emails, screen names, and encrypted passwords for 31 million users. This time, the hacker claims to have obtained API keys that were not rotated regularly, allowing them to access the support tickets. Chief Security Officer Chris Hickman of Keyfactor explained that unrotated tokens increase the window of opportunity for attackers to misuse them, potentially gaining unauthorized access to systems or services.
The Internet Archive’s security oversight is disconcerting, especially given the platform’s importance as a free online library. The recent attacks have caused significant damage, with the hacker stating that users’ data is now in their hands. The organization was able to restore parts of its website last week, but the full extent of the damage remains unclear.
The hacker, who took responsibility for the DDoS attacks earlier this month, is believed to be the same individual behind the data breach. They shared that they have access to all of the more than 800,000 support tickets sent to the Internet Archive since 2018. “It’s dispiriting to see that even after being made aware of the breach two weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets,” the hacker wrote in their response to Mashable’s email.
Mashable sent an email to the Internet Archive on October 10 to inquire about the hack, and the hacker responded through Zendesk, an online service that helps companies respond to users’ support queries. The hacker’s message demonstrated the severity of the situation, stating, “As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to [email protected] since 2018.”
Chris Hickman of Keyfactor explained why the failure to rotate API keys played such an important role in the breach. “This is a security oversight as tokens that are not rotated regularly have longer lifespans, increasing the window of opportunity for attackers to steal and misuse them,” he said. “If a malicious actor obtains an unrotated token, they could use it to gain unauthorized access to systems or services.”
The Internet Archive’s bad month continues, with the latest attack revealing that the hacker has access to over 800,000 support tickets shared between Internet Archive users and the non-profit group. These tickets could contain even further sensitive information, as users who requested that their content be removed from the Wayback Machine had to provide identification.
The Internet Archive was able to get parts of its website back up and running last week. However, it seems like significant damage has been done. “Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine—your data is now in the hands of some random guy. If not me, it’d be someone else,” the hacker said in their reply to Mashable’s contact. “Here’s hoping that they’ll get their shit together now.”
Citation: Binder, M. (2024, October 21). Internet Archive hacked again: We know because the hacker responded to our email to the Archive. Mashable. https://mashable.com/article/internet-archive-still-being-hacked-support?test_uuid=01iI2GpryXngy77uIpA3Y4B&test_variant=a