The Internet Archive is still under attack two weeks after suffering a data breach and DDoS attacks that took the website down.
How do we know?
Because the hacker just responded to Mashable's email that we went to the Internet Archive to find out more about the hack. The hacker was able to respond via Internet Archive's Zendesk, an online service that helps companies respond to users' support queries.
The hacker responds through Internet Archive
Earlier this month, Internet Archive suffered multiple cyberattacks that ended up taking the entire platform, including The Wayback Machine which archives websites throughout the years, offline.
While a group known as SN-Blackmeta took responsibility for the DDoS attacks, the attacker behind the data breach has remained anonymous. It's unconfirmed whether that anonymous hacker is also behind the latest Internet Archive breach.
The attacker claims that they have access to all of the more than 800,000 support tickets sent to Internet Archive since 2018.
"It's dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets," the hacker wrote on Sunday through Zendesk to our email that we sent to Internet Archive on October 10.
"As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to [email protected] since 2018," they continued.
Chief Security Officer Chris Hickman of the cybersecurity company Keyfactor explained to Mashable why the rotating API key issue played such an important role here.
"This is a security oversight as tokens that are not rotated regularly have longer lifespans, increasing the window of opportunity for attackers to steal and misuse them," Hickman said. "If a malicious actor obtains an unrotated token, they could use it to gain unauthorized access to systems or services."
And it appears that's what happened.
The Internet Archive's bad month continues
In the initial attack earlier this month, the hacker shared that they had accessed emails, screen names, and encrypted passwords for 31 million Internet Archive users. However, in this most recent attack, the attacker now shared that they have more than 800,000 support tickets shared between Internet Archive users and the non-profit group. These support tickets could contain even further sensitive information as users who requested that their content be removed from the Internet Archive had to oftentimes provide identification.
In an age where everyone seems to disagree about everything on the internet, there's one thing that most people seem to agree with: The Internet Archive is an amazing tool that provides online library services at no-cost to users. Many were shocked when their site was attacked earlier this month.
The Internet Archive was able to get parts of its website back up and running last week. However, it seems like significant damage has been done.
"Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine—your data is now in the hands of some random guy. If not me, it'd be someone else," the hacker said in its reply to Mashable's contact. "Here's hoping that they'll get their shit together now."
Topics Cybersecurity