Internet Archive suffers yet another cyberattack

21 Oct 2024

Image: © sharafmaksumov/Stock.adobe.com

Internet Archive founder Brewster Kahle highlighted a recent wave of attacks on libraries and archives across the globe and hopes that they are ‘not indicative of a trend’.

Internet Archive, the non-profit behind the ‘Wayback Machine’ suffered another cyberattack, closely following a wave of attacks by hackers earlier this month.

This time, hackers were able to gain access to the platform that manages the Archive’s support tickets by exploiting unrotated Zendesk API tokens – or tokens that haven’t been updated. Keeping a token unrotated for long means that they become less secure.

Despite prior warnings and multiple attacks, the service was unable to secure its systems adequately to wade off more breaches. As a result, bad actors may now have access to and can potentially download personal information submitted by thousands of Internet Archive users to its support platform.

BleepingComputer published an email sent by a threat actor to site users who had previously interacted with its support platform.

“It’s dispiriting to see that even after being made aware of the breach weeks ago, [Internet Archive] has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets.

“Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine – your data is now in the hands of some random guy. If not me, it’d be someone else.”

Archive services are slowly resuming, with many still in read-only mode. Currently, the Wayback Machine, Archive-It and the IA blog are reactivated.

Brewster Kahle, founder of the Internet Archive, posted to the website’s blog on Friday (18 October) and said that the Internet Archive team is working to bring services back online.

“We’re taking a cautious, deliberate approach to rebuild and strengthen our defences. Our priority is ensuring the Internet Archive comes online stronger and more secure.”

In the blog, Kahle highlighted a recent wave of attacks on libraries and archives across the globe and said “we hope these attacks are not indicative of a trend”.

Jake Moore, a global cybersecurity adviser with ESET said that a “failure to clean up any exposed vulnerabilities, such as breached tokens, can lead to further problems” such as the latest breach.

“Threats actors, including both the original attackers and new groups testing their (if any) new security, will continue to target a platform until a full patch is delivered and working.”

This new attack on Internet Archive follows a wave of cyberattacks earlier this month that compromised the data of 31m users. Around the same time, the website also suffered a DDoS attack that disrupted services.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Suhasini Srinivasaragavan is a sci-tech reporter for Silicon Republic

editorial@siliconrepublic.com