Breach, Identity

Hacked access tokens leveraged to breach Internet Archive anew

Share
Encryption your data. Digital Lock. Hacker attack and data breach. Big data with encrypted computer code. Safe your data. Cyber internet security and privacy concept. Database storage 3d illustration

BleepingComputer reports that Internet Archive had its Zendesk email support platform instance compromised via stolen GitLab authentication tokens just more than a week after being targeted by separate intrusions that resulted in the theft of data belonging to 33 million users and a distributed denial-of-service attack.

Internet Archive's latest breach was noted by the threat actor to have stemmed from the digital library nonprofit's failure to rotate its authentication tokens. "It's dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets. As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to [email protected] since 2018," said the threat actor in emails, which also indicated the exfiltrated data to be held by a "random" person. Such emails from the attacker follow BleepingComputer's persistent notifications to Internet Archive warning about source code theft from a GitLab authentication token that has been accessible to anyone for nearly two years.

An In-Depth Guide to Identity

Get essential knowledge and practical strategies to fortify your identity security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.