Internet Archive Faces Third Security Breach in Escalating Cyberattack Series
On October 20, 2024, the Internet Archive confirmed a third significant breach as part of a concerning trend of cyberattacks against the nonprofit digital library, which is based in the United States. The latest compromise resulted from hackers exploiting a series of unrotated Zendesk API tokens, thereby gaining unauthorized access to the Archive’s support platform. These tokens, intended as digital keys for secure communication, had been exposed in earlier incidents, raising alarms about the organization’s cybersecurity measures.
Despite earlier warnings and two prior security incidents within the same month, the Internet Archive had not adequately secured its systems. As a result, attackers managed to access and potentially download sensitive support data, including personal identification documents submitted by users seeking content removal from Archive services. The ongoing vulnerability illustrates a critical failure in the Archive’s token management practices, particularly concerning the need for regular rotation of access tokens to mitigate exposure risks.
This breach is the third in a sequence of attacks that have plagued the Internet Archive in October 2024. The most significant incident occurred on October 9, when a dual attack made use of an exposed GitLab token, which had been vulnerable since late 2022. This initial breach compromised the Archive’s source code and exposed sensitive user data, ultimately affecting 31 million users. At the same time, a separate Distributed Denial of Service (DDoS) attack led by a group named SN_BlackMeta overwhelmed the Archive’s servers, further disrupting access for legitimate users.
Following closely, in mid-October, the second breach leveraged unrotated access tokens to infiltrate the Archive’s Zendesk support platform. Attackers gained entry to thousands of support tickets dating as far back as 2018, which may have contained sensitive information. The pattern established by these incidents underscores a troubling lack of security foresight, highlighting the consequences of neglecting routine cybersecurity practices.
The potential motivations behind these breaches reflect a broader trend; rather than being purely financially driven, these attacks often aim to bolster the attackers’ reputations within underground hacking communities. By targeting a well-known organization like the Internet Archive, hackers can gain “cyber street cred” while exposing vast quantities of data, which can subsequently be leveraged for various malicious purposes, including phishing attempts and identity theft.
The breaches may involve several MITRE ATT&CK tactics, particularly those related to initial access and credential dumping. The exploitation of exposed GitLab tokens and the unrotated Zendesk tokens serves as a prime example of the initial access vectors utilized by adversaries. The persistence of vulnerabilities within the Internet Archive’s infrastructure allowed attackers to maintain access over time, reinforcing concerns about the organization’s ability to address security weaknesses effectively.
At present, attempts to gain further comment from the Internet Archive have been unsuccessful. However, discussions on social media platforms such as X (formerly Twitter) have emerged, with supportive messages circulating in solidarity with the Archive amid these troubling security incidents. Following recent attacks, many stakeholders within the digital rights community have rallied around the idea of preserving the Archive’s mission to provide free and universal access to knowledge.
As the Internet Archive continues to navigate the fallout from these breaches, the importance of robust cybersecurity measures cannot be overstated. Organizations are reminded of the necessity for stringent token management policies and the implementation of comprehensive security practices to guard against similar vulnerabilities that can lead to extensive data compromises. For those interested in supporting the Internet Archive’s ongoing mission, the organization provides avenues for donations directly through its official website.
As the situation develops, business professionals and stakeholders in the digital landscape should remain vigilant, utilizing insights from past incidents to fortify their defenses against an increasingly hostile cyber environment.