Internet Archive Hit by Cyber-Attacks, Data Breach Exposes 800 Tickets
The Internet Archive has been hit by a series of cyber-attacks, including data breaches and DDoS attacks, over the past week. The organization, which preserves digital content, has faced challenges managing access relationships, as highlighted by Ev Kontsevoy, CEO of Teleport. Meanwhile, a pro-Palestinian hacktivist group, BlackMeta, has claimed responsibility for some of the attacks.
The incidents began with DDoS attacks and website defacement, followed by a data breach that exposed more than 800 support tickets. The Internet Archive has faced security issues before, but this latest incident has raised concerns about access management. Ev Kontsevoy commented on the challenge of rotating API keys after a breach, emphasizing the importance of managing access relationships.
The breach was allegedly facilitated by an exposed GitLab configuration file on a development server. This file contained an authentication token that provided access to the Internet Archive's source code and Zendesk API tokens. An email sent to users and media outlets from an unauthorized source included a stolen Zendesk access token, further compounding the security issue. Security researcher Vx-underground suggested that attackers may still maintain persistent access to the Internet Archive's systems.
The Internet Archive is currently investigating the data breach and working to secure its systems. While BlackMeta has claimed responsibility for the DDoS attacks, the data breach could be attributed to a different threat actor. This latest security issue came after the organization had recovered from previous cyber-attacks, highlighting the ongoing challenge of maintaining robust digital security.