This latest breach was through Zendesk, a customer service platform that the organization uses.
Just a few days after the Internet Archive told the public it was getting back on its feet after a data breach and a barrage of distributed denial-of-service (DDoS) attacks forced it to go offline, the digital library website is once again in trouble.
Unknown bad actors have allegedly claimed access tokens to the archive’s Zendesk implementation, using them to send a mass email on Oct. 20 to those who tried to interact with the archive’s platform.
“Internet Archive did not secure its authentication tokens, which enabled unauthorized access to their Zendesk instance,” a Zendesk spokesperson told Dark Reading. “It’s important to note that there is no evidence this was a Zendesk issue and that Zendesk did not experience a compromise of its platform. We have since worked together with Internet Archive to secure their account.”
The hacker’s email to archive users began as follows:
“It’s dispiriting to see that even after being made aware of the breach two weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets,” the hacker stated. “As demonstrated by this message, this includes a Zendesk token with perm[ission]s to access 800K+ support tickets sent to [email protected] since 2018.”
The email continued, “Whether you were trying to ask a general question or requesting the removal of your site from the Wayback Machine — your data is now in the hands of some random guy. If not me, it’d be someone else.”
Though it can’t be said for certain, Chris Hickman, chief security officer (CSO) of Keyfactor, said the hacker may not have serious malicious intent, but instead wants to prove a point: that those in charge of the Internet Archive must be more proactive in protecting its network from those who would do much worse.
“This is a security oversight as tokens that are not rotated regularly have longer lifespans, increasing the window of opportunity for attackers to steal and misuse them,” Hickman wrote in an emailed statement to Dark Reading. “If a token is not rotated correctly, it might expire, leading to authentication failures for legitimate users. If a malicious actor obtains an unrotated token, they could use it to gain unauthorized access to systems or services, leading to service disruptions and customer frustration, damaging a company’s reputation and bottom line.”
The organization hasn’t made any public comments regarding the latest breach, but it did request donations last week to help support its endeavors of promoting open access to knowledge resources.
