BleepingComputer reports that Internet Archive had its Zendesk email support platform instance compromised via stolen GitLab authentication tokens just more than a week after being targeted by separate intrusions that resulted in the theft of data belonging to 33 million users and a distributed denial-of-service attack.
Internet Archive's latest breach was noted by the threat actor to have stemmed from the digital library nonprofit's failure to rotate its authentication tokens. "It's dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets. As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to [email protected] since 2018," said the threat actor in emails, which also indicated the exfiltrated data to be held by a "random" person. Such emails from the attacker follow BleepingComputer's persistent notifications to Internet Archive warning about source code theft from a GitLab authentication token that has been accessible to anyone for nearly two years.
