Internet Archive is breached again

For a digital library that touts its mission as providing “universal access to all knowledge,” the Internet Archive seems to be having a hard time keeping control over its own data. In a breach that could be described as a cautionary tale for any organization sitting on piles of sensitive user information, hackers once again made off with critical data.

The reason behind the latest Internet Archive data breach

The Internet Archive was breached via its Zendesk support platform, a critical flaw rooted in the organization’s failure to rotate stolen GitLab authentication tokens. Yes, you read that right—the same API tokens that had been compromised in a previous attack were still in play, a fact that had been pointed out by threat actors and security experts alike. As the hacker brazenly put it in a taunting email: “Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine, your data is now in the hands of some random guy. If not me, it’d be someone else.”

That stings. But what’s worse? The proof lies in the digital pudding. The email headers checked out, confirming that these messages were indeed fired off by authorized Zendesk servers. Over 800,000 support tickets were now in the hands of hackers, and some of them reportedly contained personal identification documents from removal requests. Essentially, if you tried to cover your tracks by deleting something from the Wayback Machine, those very efforts may now have exposed you.

What’s fascinating—and downright absurd—is that this wasn’t even an attack driven by monetary gain or political motivations. There were no ransom notes, no governmental intrigue. This was a flex. The hacker wanted to boost their reputation in the underworld of cyber criminals, where the currency of power is based on whose breach is bigger, more audacious, and more public. In this case, the Internet Archive was the perfect target—a well-known name, popular across the globe, but with seemingly gaping holes in its defenses.

Internet Archive is breached again (Image credit)

Sure, conspiracy theories flooded the internet, with some alleging that Israel, the U.S. government, or big corporations had a hand in the breach. But the reality? Far less glamorous. It was just a matter of opportunity and prestige among hackers. In a twisted form of irony, the very institution committed to preserving information became the latest exhibit in the museum of breached data.

This wasn’t even the first time the Archive had been hit. In fact, it was their third major breach in just the month of October. Earlier, an exposed GitLab token allowed hackers to steal the source code and user data for 33 million users. The hackers even had the audacity to deface the website’s JavaScript, flashing a message to visitors that their data had been compromised. “See 31 million of you on [Have I Been Pwned],” it read.

Details of Internet Archive breach reveal 31 million accounts got compromised

And while the organization may argue that its vast library remains intact, the digital equivalent of broken glass on the floor tells a different story. The Internet Archive has been busy dealing with more pressing issues—namely lawsuits over copyright infringement—leaving cybersecurity on the backburner.

Will they ever learn?

Despite public promises from founder Brewster Kahle to “strengthen defenses” and ensure security, the repeated incidents suggest something more systemic. Kahle himself has acknowledged these failures, stating the nonprofit is working “around the clock” to improve security, but how many times can you rebuild from the ashes before users simply stop trusting you?

Featured image credit: Markus Spiske/Unsplash