Wed. Oct 23rd, 2024

The Internet Archive was hacked twice in a month

Pierluigi Paganini
October 21, 2024

The Internet Archive has been hacked again: attackers compromised its Zendesk email support platform using stolen GitLab authentication tokens.

The Internet Archive was hacked via Zendesk, with users receiving messages warning that stolen GitLab tokens had not been properly rotated despite repeated warnings.

The incident was first reported by BleepingComputer, after it received several messages from people who had received replies to their old Internet Archive removal requests. The replies warned that the organization had been hacked again because it had not correctly rotated its stolen authentication tokens.

Internet Archive Zendesk emails sent by the attacker (Source: BleepingComputer)

The report highlights the poor security of the Internet Archive. Despite being informed weeks earlier, the organization failed to rotate exposed API keys, specifically the Zendesk token with access to over 800,000 support tickets, which reflects poor incident response. Poor cyber hygiene increases the risk of further data breaches and can undermine user trust.

The emails were sent by an authorized Zendesk server (192.161.151.10).

The breach may have exposed identity documents uploaded by users for Wayback Machine page takedown requests, depending on the attacker’s access to the Zendesk API.

On October 9, the Internet Archive’s “The Wayback Machine” suffered a data leak. The attackers gained access to a user database containing data from 31 million users.

The attackers who hacked the popular website shared a copy of the stolen data with a data breach notification service.

HIBP confirmed that the stolen archive contained 31 million records, including email addresses, display names, bcrypt password hashes, and password change timestamps. HIBP added that 54% of the stolen records are already on its platform.

Troy Hunt told BleepingComputer that the leaked Internet Archive file is a 6.4GB SQL file named “ia_users.sql.”

Hunt noted that the last timestamp in the database records was September 28, 2024, which is likely the date the data was stolen. Hunt will be adding information about affected users to HIBP very soon.

Hunt also verified the authenticity of the information contained in the stolen archive.

Internet Archive founder Brewster Kahle also confirmed that the platform suffered a DDoS attack that took the site offline several times.

The DDoS attack was not linked to the data leak, and BleepingComputer attributed the attack to a pro-Palestinian group called SN_BlackMeta.

The Internet Archive hack began when an attacker discovered an exposed GitLab configuration file on one of the organization’s development servers. This file contained an authentication token that allowed the attacker to download Internet Archive source code, which included additional credentials and tokens. The attacker then used these credentials to access the Archive’s database management system, user database, and other source code, and even to modify the site. The hacker claimed to have stolen 7TB of sensitive data, including Zendesk API tokens used for the organization’s email support system. The exposed token has been publicly available since December 2022 and has reportedly been changed several times since then.

Despite the claim, the attacker did not provide evidence of the stolen data, although BleepingComputer confirmed the exposed GitLab authentication token and access to Zendesk support tickets containing personal information.

The hacker claims that this source code contained additional credentials and authentication tokens, including credentials for the Internet Archive database management system. This allowed the attacker to download the organization’s user database, additional source code, and modify the site.

The attacker claimed to have stolen 7 TB of data from the Internet Archive, but did not provide any samples as evidence.

However, we now know that the stolen data also included API access tokens for the Internet Archive’s Zendesk support system.
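
A defensive check for the kind of exposure described above, as an added example that is not from the original article or from the Internet Archive: it scans configuration text for credentials embedded in remote URLs and for GitLab personal access tokens, and redacts what it finds. It assumes the exposed file resembled a Git config with a token in the remote URL and that tokens carry GitLab's default `glpat-` prefix; the sample config, hostnames and function names are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: tokens use GitLab's default personal-access-token prefix "glpat-".
GLPAT = re.compile(r"glpat-[0-9A-Za-z_\-]{20,}")
URL = re.compile(r"https?://[^\s\"']+")

# Constructed sample: a Git config whose remote URL embeds a token.
SAMPLE_GIT_CONFIG = """\
[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://deploy-bot:glpat-EXAMPLEexample0000000@gitlab.example.org/web/site.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = https://gitlab.example.org/web/mirror.git
"""

def redact(secret):
    """Never echo a secret into scan output; keep only the token type."""
    return "glpat-***" if secret.startswith("glpat-") else "***"

def find_exposed_credentials(text, source="<config>"):
    """Return (source, line, kind, redacted) for each credential found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        seen = set()
        for match in URL.finditer(line):
            try:
                parts = urlsplit(match.group(0))
                user, password = parts.username, parts.password
            except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
                continue
            # user:password@host, or a bare token in the user position
            secret = password or (user if user and GLPAT.fullmatch(user) else None)
            if secret:
                seen.add(secret)
                findings.append((source, lineno, "credential in URL", redact(secret)))
        for match in GLPAT.finditer(line):
            if match.group(0) not in seen:  # token outside a URL, e.g. KEY=value
                findings.append((source, lineno, "GitLab token", redact(match.group(0))))
    return findings

if __name__ == "__main__":
    for finding in find_exposed_credentials(SAMPLE_GIT_CONFIG, "sample/.git/config"):
        print(*finding, sep=": ")
```

Any finding from a file reachable on a web or development server means the credential should be treated as compromised and rotated, not just removed from the file.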

At this time, no one has claimed responsibility for this security breach. Experts warn that the stolen information is circulating in the cybercrime underground and other attackers could use it to carry out other attacks.
