Internet Archive faces major cybersecurity breach amid targeted attacks

Security experts warn that malicious actors may still have access and highlight the importance of a swift security audit.


The Internet Archive, the world’s largest digital library, is facing new security troubles after recently recovering from a series of cyber-attacks. On 20 October, users and media outlets reported receiving an email that appeared to come from the Internet Archive Team, revealing a stolen access token for the library’s account on Zendesk, a customer service platform. The email claimed the Internet Archive had failed to rotate several exposed API keys, including one that allowed access to over 800,000 support tickets since 2018.

The email, although unauthorised, seemed legitimate as it passed security checks, indicating it might have come from an official Zendesk server. Security experts, including the group Vx-underground, believe the hackers still have persistent access to the Archive’s systems and are sending a clear message about unresolved vulnerabilities. Jake Moore, a cybersecurity advisor at ESET, stressed the importance of swift audits after such attacks, warning that attackers often return to test new defences.

The recent cyber-attacks on the Internet Archive included distributed denial-of-service (DDoS) attacks, website defacement, and a data breach. While the pro-Palestinian hacktivist group BlackMeta claimed responsibility for the DDoS attacks, the data breach involved a separate threat actor. According to reports, the breach was caused by an exposed GitLab configuration file, allowing the hacker to download source code and access sensitive information, including the Zendesk API tokens.

Experts warn that the attack may have compromised over 800 support tickets. Despite criticism for not rotating API keys, the Internet Archive faces significant challenges in fully understanding the extent of the breach and preventing further exploitation. Ev Kontsevoy, CEO of Teleport, emphasised the importance of having a clear view of access relationships to manage incidents without widespread disruption.

The Internet Archive and its founder, Brewster Kahle, have not publicly commented on the issue. Both the Internet Archive and GitLab have also yet to respond to requests for more information.

The situation remains ongoing as the digital library works to address the security flaws that continue to leave it vulnerable.