
Internet Archive Hit By Second Breach, Zendesk Platform Targeted

Internet Archive hit by second breach in two weeks, exposing 800,000 support tickets. User data at risk. Security measures underway.

  • Hackers breached the Internet Archive, exposing data of 31 million users.
  • The attack disrupted access to the website and Wayback Machine service.
  • Users are advised to change passwords and avoid using the site until it's secured.

10/21 Update: Internet Archive Hit By Second Breach

Internet Archive has fallen victim to another security breach, barely two weeks after a cyberattack compromised 33 million user accounts.

This latest incident involves unauthorized access to the organization’s Zendesk email support platform, potentially exposing over 800,000 support tickets dating back to 2018.

Breach Details

According to reports from BleepingComputer, the attackers gained entry using stolen GitLab authentication tokens that had not been adequately rotated following the initial breach.

The hackers sent emails to users who had previously submitted removal requests, brazenly demonstrating their access to the support system.

One of the hackers’ emails reads:

“It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.”

Most concerning is the potential exposure of personal identification documents, which some users were required to submit when requesting page removals from the Wayback Machine.

Attack Methodology

The breach’s origins can be traced to an exposed GitLab configuration file on one of the Internet Archive’s development servers.

This file, containing an authentication token, had reportedly been accessible since at least December 2022.

Using this token, the attackers were able to download the organization’s source code, which revealed additional credentials and authentication tokens.

This compromised data gave the hackers access to the Internet Archive’s database management system, which in turn allowed them to modify the site.
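A defender can check their own repositories and web roots for the same kind of exposure described above. The following is an added example, not code from the article or from the Internet Archive: it scans the text of a Git-format config file for embedded credentials and reports them in redacted form. It assumes the exposed file follows Git's config format (the article does not specify); the hostnames and token values in the sample are constructed.

```python
import re
from urllib.parse import urlsplit

# GitLab personal access tokens carry the "glpat-" prefix by default.
GLPAT = re.compile(r"glpat-[0-9A-Za-z_-]{20,}")
URL_KEY = re.compile(r"^\s*(?:url|pushurl)\s*=\s*(\S+)", re.I)
HEADER_KEY = re.compile(
    r"^\s*extraheader\s*=\s*authorization:\s*\S+\s+(\S+)", re.I)

def redact(secret):
    """Keep only a short prefix so reports never contain the full secret."""
    return secret[:6] + "***"

def scan_git_config(text):
    """Return (line_number, kind, redacted_secret) for each credential found."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        url = URL_KEY.match(line)
        header = HEADER_KEY.match(line)
        if url and urlsplit(url.group(1)).password:
            # Remote URL of the form https://user:secret@host/path
            secret = urlsplit(url.group(1)).password
            kind = "gitlab-pat" if GLPAT.fullmatch(secret) else "url-password"
        elif header:
            # http.extraheader carrying an Authorization value
            secret, kind = header.group(1), "auth-header"
        elif GLPAT.search(line):
            # Token pasted anywhere else in the file
            secret, kind = GLPAT.search(line).group(0), "gitlab-pat"
        else:
            continue
        findings.append((number, kind, redact(secret)))
    return findings

# Constructed sample input; none of these values are real.
SAMPLE = "\n".join([
    '[core]',
    '\trepositoryformatversion = 0',
    '[remote "origin"]',
    '\turl = https://deploy:glpat-EXAMPLEEXAMPLEEXAMPLE0@gitlab.example.org/group/app.git',
    '\tfetch = +refs/heads/*:refs/remotes/origin/*',
    '[remote "mirror"]',
    '\turl = git@gitlab.example.org:group/app.git',
    '[http "https://gitlab.example.org/"]',
    '\textraheader = Authorization: Bearer constructed-token-value',
])

if __name__ == "__main__":
    for finding in scan_git_config(SAMPLE):
        print(finding)
```

Every finding is a credential to revoke and reissue, not just to delete from the file, since the article's point is that exposed tokens stayed valid after the first breach.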

Motivations

While the full extent of the breach remains unclear, the attackers claim to have exfiltrated seven terabytes of data from the Internet Archive.

Unlike many high-profile cyberattacks, this breach was motivated by a desire for clout rather than financial gain.

The attackers reportedly aimed to increase their “cyber street cred” within hacking communities by taking down the Internet Archive.

Ongoing Recovery Efforts

An insider report published on Reddit offers a first-hand look at the Internet Archive’s efforts to restore security:

“The teams have getting the site back secure and safe as the number one priority. They have taken no days off this past week. They are taking none this weekend… The developers and admins, this is all they are doing.”

The same source indicated a strong likelihood that the Internet Archive will implement additional security measures, such as Cloudflare, to prevent future attacks.


10/14 Update: Internet Archive Back Online, But Limited

The Internet Archive is up again in read-only mode. The digital library is slowly recovering after a cyberattack on October 9 that exposed 31 million user records.

Key updates:

  • Wayback Machine is searchable but can’t capture new pages
  • Staff emails and National Library crawlers are restored
  • The site may go offline again for further security upgrades

Founder Brewster Kahle says it’s “safe to resume” using the site.

Users should update passwords if they haven’t already.

The original story continues below.


The Internet Archive has been hit by a cyberattack, compromising the personal data of over 31 million users.

The nonprofit organization, known for its Wayback Machine service, which archives web pages, is grappling with the aftermath of the sophisticated attack.

Breach Details

On October 9, visitors to the Internet Archive’s website were greeted with a pop-up message indicating a security breach.

A hacker group operating under the name SN_BlackMeta has claimed responsibility for the attack, stating on social media platform X (formerly Twitter) that they had launched “several highly successful attacks” against the Archive.

The breach exposed user records, including email addresses, screen names, and bcrypt-hashed passwords.

Troy Hunt, founder of the data breach notification service Have I Been Pwned, confirmed receiving a database containing information on 31 million unique email addresses associated with the Internet Archive.

Ongoing Disruption

The Internet Archive’s website and Wayback Machine service remain inaccessible as of this writing.

This outage is concerning given Google’s recent integration of Wayback Machine links into its search results, a feature announced just last month to enhance access to historical web content.

The timing of this attack could potentially disrupt Google’s new feature, which was designed to provide users with easy access to archived versions of web pages directly from search results.

Response From Internet Archive

Brewster Kahle, founder and digital librarian of the Internet Archive, acknowledged the breach in a post on X, stating:

“What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.”

Kahle is saying that while they were attacked in several ways, they’re actively working to fix the problems and make their systems safer.

However, user data was compromised, so users should be cautious and change their passwords.

The organization is actively working to restore its services and secure its systems, but the full extent of the damage remains unclear.

Why This Matters

The attack on the Internet Archive is troubling, given its role in preserving digital content.

Founded in 1996, the organization aims to provide “universal access to all knowledge” and has become a resource for researchers and journalists.

While the exact motivations behind the attack remain unclear, cybersecurity experts speculate that the attackers may have been searching for specific information or attempting to alter historical records.

This serves as a reminder of the vulnerabilities in digital infrastructure, even for organizations dedicated to preserving it.

Looking Ahead

This attack compromises user data and temporarily denies access to an invaluable resource for internet users worldwide.

As the Internet Archive continues its recovery efforts, users are advised to change their passwords and remain vigilant for any potential misuse of their personal information.


Featured Image: Piotr Swat/Shutterstock

SEJ STAFF Matt G. Southern Senior News Writer at Search Engine Journal

Matt G. Southern, Senior News Writer, has been with Search Engine Journal since 2013. With a bachelor’s degree in communications, ...