Hacker Claims to Have Breached the Internet Archive Again

The Internet Archive is still suffering problems after the initial hack and DDoS attack, as the initial hacker still apparently has access to the organization's infrastructure. Proof of that was provided when the hackers answered questions using the internal ticketing system.

What is the Internet Archive?

As the name suggests, the Internet Archive is an organization devoted to preserving free access to a number of important resources, including websites, software, music, books, and videos. Most people who have heard of the Internet Archive know that it's host to the Wayback Machine, a tool that saves snapshots of websites for posterity.

Only a couple of weeks ago, a hacker compromised the website and stole usernames, email addresses, hashed passwords, and possibly additional data.

Then, on Oct. 21, the Internet Archive made an important announcement. Everything is back online.

"In recovering from recent cyberattacks on October 8, the Internet Archive has resumed the Wayback Machine (starting October 13) and Archive-It (October 17), and as of today (October 21), has begun offering provisional availability of archive.org in a read-only manner. Features like uploading, borrowing, reviewing items, interlibrary loan, and other services are not yet available," reads the announcement.

A new day, a new Internet Archive hack

Now, according to Hackread, despite the announcement, a new hack has occurred as the threat actor exploited unrotated Zendesk API tokens, which allowed access to the support platform. Of course, this means they also have access to years of ticket history.

A message purportedly from the hacker is available on VX-Underground. In it, the hacker boasts about the hack and chastises the website for its poor security policies that allowed the incident to be possible in the first place.

"It's dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets," writes the hacker," the hacker wrote.

"As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018. Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine - your data is now in the hands of some random guy. If not me, it'd be someone else."