The Internet Archive has recently experienced another cyber intrusion, marking the third significant security breach in October 2024. On October 20, threat actors managed to exploit unrotated API tokens, gaining unauthorized access to the organization’s Zendesk support platform and potentially exposing sensitive user information.
This breach follows two earlier attacks within the same month, indicating persistent vulnerabilities within the nonprofit digital library. The attackers accessed support tickets dating back to 2018, which may include users’ personal identification documents, posing a risk to data privacy and integrity.
The breach was made possible by the Internet Archive’s failure to rotate API tokens for its Zendesk system, despite prior knowledge of existing security weaknesses. This lack of mitigation allowed the hackers to maintain access to the support platform, endangering user data. In MITRE ATT&CK terms, oversights of this kind often map to the initial access, persistence, and credential access tactics.
The Internet Archive, founded in 1996, serves as an essential resource for researchers and historians, with its Wayback Machine preserving snapshots of the web over time. As of September 2024, it housed over 42.1 million print materials, 13 million videos, 1.2 million software programs, and an impressive 866 billion web pages.
The recent attacks began on October 9, when hackers exploited a vulnerability involving an exposed GitLab token, compromising the Archive’s source code and user database and affecting approximately 31 million users. This initial incident was followed by a Distributed Denial of Service (DDoS) attack that further disrupted the organization’s operations.
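The failure described above, a credential left in service after a known exposure, can be checked mechanically against a secrets inventory. The following is an added example, not code from the Internet Archive or the original article: the inventory entries, the exposure-scope flags and the 90-day maximum age are constructed assumptions, and only the October 9 and October 20 dates come from the article.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UTC = timezone.utc


@dataclass(frozen=True)
class Credential:
    name: str                # hypothetical inventory label
    system: str
    last_rotated: datetime
    in_exposure_scope: bool  # readable from the compromised system? (assumed flag)


def audit(creds, exposure_time, now, max_age=timedelta(days=90)):
    """Return {credential name: [reasons]} for credentials that need rotation."""
    findings = {}
    for c in creds:
        reasons = []
        # A secret that was in scope of an exposure stays usable by the
        # intruder until it is reissued, however the intruder was evicted.
        if c.in_exposure_scope and c.last_rotated <= exposure_time:
            reasons.append("not rotated since exposure")
        # Routine hygiene check, independent of any incident.
        if now - c.last_rotated > max_age:
            reasons.append("older than max age")
        if reasons:
            findings[c.name] = reasons
    return findings


# Dates from the article; times of day are not given, so midnight UTC is assumed.
EXPOSURE = datetime(2024, 10, 9, tzinfo=UTC)
AUDIT_TIME = datetime(2024, 10, 20, tzinfo=UTC)

# Constructed inventory for illustration only.
INVENTORY = [
    Credential("helpdesk-api-token", "support platform", datetime(2022, 3, 1, tzinfo=UTC), True),
    Credential("repo-deploy-token", "source control", datetime(2024, 10, 10, tzinfo=UTC), True),
    Credential("metrics-read-key", "monitoring", datetime(2024, 1, 15, tzinfo=UTC), False),
    Credential("backup-key", "storage", datetime(2024, 9, 1, tzinfo=UTC), False),
]

if __name__ == "__main__":
    for name, reasons in audit(INVENTORY, EXPOSURE, AUDIT_TIME).items():
        print(f"{name}: {', '.join(reasons)}")
```

The exposure check is deliberately separate from the age check: a token rotated a week before an incident is young by policy but still has to be reissued if it was in scope.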
Cybersecurity professionals have raised significant concerns regarding these repeated breaches and the Archive’s ongoing struggles to secure its systems effectively. In response to these incidents, Brewster Kahle, the founder of the Internet Archive, has acknowledged the organization’s security challenges and is working towards enhancing its protective measures.
However, the sequence of breaches has sparked questions about the Archive’s ability to safeguard its vast repository of data. As the organization addresses these security vulnerabilities, users are advised to remain vigilant and monitor their accounts for any unusual activity.
In light of the current security landscape, business owners and tech professionals must recognize the increasing sophistication of threats and the necessity for stringent security protocols to safeguard sensitive information. Adopting proactive measures can significantly mitigate risks associated with data breaches and reinforce overall cybersecurity resilience.