In October 2024, the Internet Archive, a well-known non-profit digital library, experienced its third significant security breach. The attackers used Zendesk API tokens that had not been rotated to access the platform that handles user support tickets. Despite two previous breaches and repeated warnings, the organization had not fully secured its systems, leaving these tokens open to further exploitation.
As a result, the attackers accessed and possibly downloaded sensitive support data, including personal identification documents submitted by users. This breach followed two other significant attacks earlier in October, increasing the damage to the Archive’s infrastructure.
What is the Internet Archive?
The Internet Archive, established in 1996 by Brewster Kahle, is a non-profit organization with a mission to provide “universal access to all knowledge.” Known for its Wayback Machine, the Archive preserves websites, allowing users to view them as they appeared in the past. This resource is invaluable for researchers, historians, and the general public. Beyond websites, the Archive also hosts millions of digital items, including books, music, audio files, videos, and software.
Timeline of the Breaches
1. First Breach: October 9, 2024
Hackers gained access to the Archive’s source code by exploiting an exposed GitLab token, which had been vulnerable since 2022. This breach affected 31 million users, exposing sensitive information such as bcrypt-hashed passwords and email addresses. Concurrently, a pro-Palestinian group launched a DDoS attack, overwhelming the Archive’s servers and temporarily taking the site offline.
2. Second Breach: Mid-October 2024
Hackers exploited unrotated access tokens again, this time gaining access to the Archive’s Zendesk support platform. These tokens allowed unauthorized access to support tickets dating back to 2018, some containing personal identification documents. This incident revealed significant gaps in the Archive’s token management practices.
3. Third Breach: October 20, 2024
The most recent Internet Archive breach mirrored the previous two attacks, with hackers exploiting the same unrotated Zendesk API tokens. This failure to update or replace tokens gave the attackers ongoing access to sensitive user data.
Why Was the Internet Archive Targeted?
The motivation behind these breaches seems to be reputational rather than financial. Hackers often target well-known organizations to gain “cyber street cred” within underground communities. The Internet Archive, a significant digital repository, became an attractive target for attackers seeking to build their reputations. Although no ransom demands were made, the stolen data increases the risk of phishing attacks and identity theft.
Conclusion
The phrase “I stand with @internetarchive” has been trending on X (formerly known as Twitter) as a show of support for the Internet Archive in light of its recent cyberattacks. Its reputation for providing free internet resources has earned it considerable backing. However, the Internet Archive’s series of breaches highlights the risks of failing to rotate access tokens and to implement robust security practices. As the organization works to recover, these attacks serve as a reminder of the importance of cyber hygiene, particularly for platforms that handle sensitive user data.