Internet Archive Hacked Again: 800,000 Users’ Data at Risk
By: Zulekha Nishad | Updated On: October 25, 2024
Table of Contents
The Internet Archive, home of the famous Wayback Machine, has been hit by a second major data breach in just two weeks.
Over 800,000 support tickets are now potentially exposed, along with sensitive user data. This breach comes after a recent attack that compromised data from 33 million accounts, sending alarm bells ringing for Archive users worldwide.
Another Breach Hits Internet Archive—What Happened?
On October 21, 2024, hackers breached the Internet Archive’s Zendesk support platform, accessing sensitive data submitted by users over the past six years.
This breach exposes over 800,000 support tickets that include personal data from users seeking help, submitting removal requests, and more.
It follows closely on the heels of a previous attack that compromised millions of accounts, raising serious questions about the Archive’s security practices.
According to reports, hackers gained access using stolen GitLab authentication tokens—tokens that, shockingly, weren’t updated after the first attack. With these tokens, the hackers could break into the Archive’s Zendesk system, where they immediately began emailing users who had requested support.
The hackers even sent direct messages highlighting the Archive’s failure to secure its tokens, with one email stating:
“It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets.”
The delay in changing these tokens was the Archive’s biggest vulnerability. If the organization had secured them following the first breach, this second attack might have been prevented entirely.
Impact on Users: Should You Be Worried?
If you’re one of the Internet Archive’s users, you probably should be. This breach exposed hundreds of thousands of support tickets, many of which contain personal information. If you submitted a support request or a removal request, especially one involving personal identification documents, your information could be at risk.
Users are advised to immediately change passwords associated with the Internet Archive and to be on the lookout for any suspicious activity in their accounts.
Since the breach disrupted access to the Archive and Wayback Machine temporarily, users will also experience some delays in accessing historical resources. For researchers, journalists, and everyday users, this disruption is far from trivial.
Inside the Internet Archive’s Struggle to Secure Itself
Right now, the Internet Archive’s IT team is working nonstop to resolve these security lapses. An insider on Reddit shared details about their efforts, revealing that staff are on full-time alert and working through weekends to address the breaches.
Here’s what’s happening behind the scenes:
- Around-the-Clock Security Work: Developers and administrators are putting in overtime to identify and fix vulnerabilities in the Archive’s security setup.
- Plans for Additional Protections: There are talks of adding Cloudflare and other security measures to protect the system from future breaches.
However, until these protections are in place, user data remains exposed, and the Archive’s ability to prevent further attacks is still uncertain.
What the Internet Archive Needs to Do Now
To move forward, the Internet Archive must not only secure its systems but also restore user confidence, which has been seriously shaken.
Here’s what we can expect going forward:
- Stricter Security Protocols: Token rotation, regular audits, and improved authentication systems are all likely to become priorities.
- Enhanced Transparency: Users will want frequent, clear updates on the Archive’s security progress, so they know their data is safe.
- Regaining Public Trust: Given the Archive’s public service mission, it will need to actively demonstrate its commitment to securing user data.
The organization now faces intense pressure to correct its cybersecurity approach. Millions of users around the world depend on it not just to store data, but to preserve history.
Advice for Users: Protect Yourself Now
If you’re an Internet Archive user, here’s what you can do immediately:
Change Your Passwords: Secure your Archive account and consider using unique passwords for every site you use.
Check Your Account Activity: Keep an eye on any suspicious activity, especially if you submitted a support ticket recently.
Limit Sharing of Personal Info: Going forward, consider minimizing the personal information you submit to online platforms, especially for non-critical functions.
Explore Wayback Machine alternatives: Concerned users might explore alternatives to the Wayback Machine, such as PageFreezer.
Key Takeaways
- A second attack breached the Archive’s Zendesk platform.
- GitLab tokens from the first breach remained exposed.
- The attack aimed to boost hacker “street cred,” not financial gain.
Get Your Free SEO Audit Now!
Enter your website URL below to receive a comprehensive SEO report with tailored insights to boost your site's visibility and rankings.
You May Also Like
YouTube Rolls Out Data Stories & Tools for Creators’ Growth
YouTube is rolling out new features to give creators more power over their content and connections with fans. The latest tool, “Data Stories,” gives creators a snapshot of their video’s first 24 hours—data that helps them see exactly what’s working and what’s not. Paired with new tools for audience engagement and brand partnerships, YouTube is … YouTube Rolls Out Data Stories & Tools for Creators’ Growth
You.com Unveils “Research” Feature to AI Search Assistance
You.com, previously known as a standard search engine, has now evolved into an AI-powered search engine and personal assistant. With the aim of transforming how users handle everyday tasks, the platform has introduced a new and innovative feature called “Research.” This addition promises to take AI-driven search to the next level by enabling comprehensive research … You.com Unveils “Research” Feature to AI Search Assistance
Sites Impacted by HCU See Modest Recovery, Says Glenn Gabe
When Google rolled out its September 2023 Helpful Content Update (HCU), websites worldwide were hit with big changes in traffic and rankings. Now, new insights from SEO expert Glenn Gabe shed light on what’s actually happening to these sites months later. Out of nearly 400 sites Gabe’s been tracking, only 22% have shown a 20% … Sites Impacted by HCU See Modest Recovery, Says Glenn Gabe
Comments