The Internet Archive, a non-profit organization widely known for preserving the digital history of the web through its Wayback Machine, has fallen victim to its third major cyberattack in October 2024. On October 20, hackers exploited unrotated API tokens to gain unauthorized access to the Archive’s Zendesk support platform, putting sensitive user data at risk.
The Internet Archive data breach follows two earlier attacks this month, making it a challenging period for the firm, which serves as a vital resource for millions of researchers, historians, and the general public. This Internet Archive data breach could potentially expose personal identification documents submitted by users in support tickets dating back to 2018.
API Token Vulnerability Leads to Internet Archive Data Breach
The root cause of the October 20 cyberattack appears to be the Internet Archive’s failure to rotate API tokens for its Zendesk system. Despite being aware of previous security vulnerabilities, the organization did not implement the necessary changes to secure its API, enabling hackers to exploit these unrotated tokens. As a result, they gained unauthorized access to the Zendesk support platform, which manages user support tickets.
These support tickets may include highly sensitive information, such as personal identification documents submitted by users seeking assistance with various aspects of the Archive’s services. The extent of the data compromised is still being assessed, but the potential for significant privacy violations looms large.
Internet Archive’s Response
Brewster Kahle, founder of the Internet Archive, acknowledged the security breaches and emphasized the organization’s ongoing efforts to enhance security. In a statement shared on the Internet Archive’s official social media channels, Kahle provided insight into the behind-the-scenes work taking place to restore services and bolster security measures.
“I talked to many people with more to come, and I’m sneaking out this verified fact: People are working so incredibly hard,” reads the Reddit post. “The teams have getting the site back secure and safe as the number one priority. They have taken no days off this past week. They are taking none this weekend.”
This statement highlights the round-the-clock efforts of the Archive’s developers and system administrators to secure the platform and protect user data. Despite the tireless work, Internet Archive acknowledged the toll these incidents have taken on the staff, noting that many were exhausted yet determined to resolve the issues and restore normalcy.
The public has shown strong support for the Internet Archive, with many users on social media tweeting messages like “We stand with @internetarchive,” expressing solidarity with the organization during this tumultuous time.
Series of Cyberattacks in October
This Internet Archive data breach is the latest in a series of cyberattacks that have hit the Internet Archive over the past few weeks. The wave of attacks began on October 9, when hackers exploited an exposed GitLab token to access the Archive’s source code and user database, compromising the personal information of 31 million users. This breach was a significant blow to the Archive’s security, as it exposed usernames, email addresses, and salted-encrypted passwords.
Following the initial breach, the organization was also hit by a Distributed Denial of Service (DDoS) attack, which temporarily disrupted the Archive’s operations. Hackers further defaced the Archive’s website by exploiting a vulnerability in its JavaScript library. In a tweet addressing the October 9 attack, Kahle provided details about the organization’s response, writing, “DDOS attack—fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.”
These incidents have exposed critical vulnerabilities in the Internet Archive’s security infrastructure, raising concerns about the organization’s ability to safeguard its vast collection of data. The Archive, which holds over 42.1 million print materials, 13 million videos, 1.2 million software programs, and an astounding 866 billion web pages as of September 2024, plays a pivotal role in preserving the digital history of the internet. Any compromise of its systems could have far-reaching consequences for users and the integrity of the web’s historical record.
Impact on Users and Data Security
The potential fallout from the October 20 attack is significant. If personal identification documents and sensitive user data were indeed accessed and downloaded by the hackers, the affected users could face a heightened risk of identity theft, fraud, and other forms of cybercrime. While it remains unclear exactly how much data the attackers were able to obtain, the breach highlights the growing threat of cyberattacks on non-profit organizations and public institutions.
The Internet Archive’s failure to rotate API tokens is a particularly concerning oversight, given the increase in cyberattacks and the well-documented importance of regularly updating security protocols. The organization’s slow response to previous security vulnerabilities likely contributed to the hackers’ ability to infiltrate its systems repeatedly throughout October.
Strengthening Security Measures
The Internet Archive has pledged to improve its security infrastructure to prevent future incidents. The organization is reportedly upgrading its systems, rotating API tokens, and conducting a thorough review of its security practices. However, given the frequency and severity of the recent breaches, these steps may not be enough to fully reassure users who have trusted the Archive with their data.
As the Internet Archive works to recover from these attacks, the broader lesson for organizations, both non-profit and otherwise, is clear: cybersecurity must remain a top priority. The failure to address known vulnerabilities can have devastating consequences, as demonstrated by the repeated attacks on the Archive in October 2024.