A hacker allegedly responsible for the recent breach of the Internet Archive has surfaced with new claims, boasting of their continued access to the platform. Despite recent efforts by the Internet Archive to restore its services after the cyberattack, the hacker’s claims raise serious concerns about the organization’s security measures.
In a statement released on Thursday, the Internet Archive announced that key tools such as the Wayback Machine and Archive-It were operational again, although some services were still being restored. However, by Sunday, the hacker sent a series of antagonistic messages to hundreds of individuals, including media outlets like Recorded Future News and others who had contacted the organization.
Through the Internet Archive’s support email, routed via Zendesk, the hacker claimed, “It is dispiriting to see that even after being made aware of the breach 2 weeks ago, [the Internet Archive] has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets.” GitLab, a software development platform, was reportedly the source of the exposed credentials.
The hacker further stated, “As demonstrated by this message, this includes a Zendesk token with permissions to access 800K+ support tickets sent to info@archive.org since 2018.” The intruder warned that personal information, including requests for the removal of content from the Wayback Machine, was now in their hands. “Whether you were trying to ask a general question, or requesting the removal of your site… your data is now in the hands of some random guy.”
The ominous message ended with a cynical hope that the Internet Archive would finally take its security seriously.
Widespread Impact of the Breach
The hacker’s email, sent to a wide range of recipients, including researchers, news outlets, and even those who had requested site removals from the Wayback Machine, further exposed the vulnerabilities within the Internet Archive’s systems. The digital archive, known for storing vast amounts of historical internet content, now faces a potential public relations and security crisis.
The breach has also drawn attention to the Internet Archive’s handling of sensitive user data. Security experts have raised concerns that the stolen Zendesk token could give the hacker access to personal information submitted by users since 2018, including usernames, email addresses, and potentially requests to delete content.
Despite repeated attempts by researchers and news outlets such as BleepingComputer to warn the Internet Archive about the exposed GitLab authentication token, which had reportedly been online for nearly two years, the issue remained unresolved until the recent breach. The exposed token allegedly enabled the hacker to gain access to the organization’s internal systems and compromise sensitive data.
A Series of Attacks on the Internet Archive
This is not the first cyber incident the Internet Archive has dealt with recently. The platform endured a distributed denial-of-service (DDoS) attack that disrupted its operations, followed by a defacement of its website. In the midst of these issues, a hacker also stole data on 31 million users, including encrypted passwords, usernames, and email addresses. The total number of individuals involved in these incidents remains unclear, as different groups have claimed responsibility for various elements of the attacks.
One hacker, claiming responsibility for the data theft, told BleepingComputer they carried out the attack for “street cred,” while another group behind the DDoS attacks claimed political motivations. None of these claims have been verified, leaving the true nature and scope of the attacks somewhat murky.
Criticism and Fallout
The Internet Archive, founded in 1996 by Brewster Kahle, has faced criticism from a variety of individuals, governments, and organizations throughout its existence. Dozens of artists, authors, and musicians have accused the archive of facilitating copyright infringement by hosting pirated or unauthorized content. Moreover, several governments have sought to block access to the site for allegedly housing stolen material.
In a statement following the recent breach, Brewster Kahle likened the attack on the Internet Archive to similar incidents targeting other major libraries around the world, including ransomware attacks on the British Library and Toronto Public Library, among others. “We hope these attacks are not indicative of a trend,” Kahle remarked, expressing concerns about the future of public knowledge repositories in the face of growing cyber threats.
As the Internet Archive works to regain control of its systems, the aftermath of the breach is likely to serve as a cautionary tale about the risks posed by inadequate security protocols and the evolving tactics of cybercriminals.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
As an older woman, I find this terrifying! I found an order last Monday on my Amazon account for something over $400! The order was placed in Washington. I called my bank and Amazon and got it taken care of. Then I received a box with another person’s name on the label with my address!! I closed the credit card and my Amazon account. Just in time to see another order for $1000 + from someone in New Jersey!! Thank goodness my account was closed! I changed my account passwords so I hope I won’t have this problem again.
Thank you very much for sharing your experience! I can understand how terrifying and frustrating that must have been, especially with such large orders being placed without your knowledge. It’s great that you acted quickly and were able to resolve the issue before it escalated further. Taking those steps—like closing the account, contacting your bank, and updating your passwords—was definitely the right move. Hopefully, this will be the end of any unauthorized activity. Wishing you peace of mind moving forward!” 😎
Thank you!
You’re welcome! 😎