The Internet Archive is facing renewed security woes after a threat actor exploited exposed GitLab authentication tokens to gain access to the organization’s Zendesk email support system.

Recap of Previous Breach:
- Earlier in October, the Internet Archive reported a data breach affecting 33 million users.
- This breach was separate from a DDoS attack attributed to the pro-Palestinian group SN_BlackMeta.
- Security researchers at BleepingComputer previously warned the Internet Archive about exposed GitLab tokens but received no response.

Hackers used the stolen GitLab tokens to access the Internet Archive’s Zendesk platform. This access allowed them to send emails seemingly from legitimate Internet Archive email addresses. The emails targeted users who previously submitted support tickets or data removal requests. The emails claimed the Internet Archive failed to rotate compromised access tokens, putting user data at risk.
The extent of data accessed by the attackers remains unclear. Depending on the Zendesk API access level, user data in support tickets, including potential attachments like personal identification documents, might have been compromised.
Experts believe the attack was not financially motivated but rather a ploy for “cyber street cred” within the hacking community. Stolen data may be traded or leaked on hacking forums, posing further risks to Internet Archive users. The repeated security breaches raise serious concerns about the Internet Archive’s commitment to user data protection.
The Internet Archive’s handling of the recent security breaches highlights the critical importance of robust cybersecurity practices and transparency. Users who previously submitted support tickets or data removal requests to the Internet Archive should be extra vigilant and consider changing any potentially exposed information.