Hackers who are purportedly responsible for the most recent Internet Archive breach are claiming in a number of new ways that they are still able to access the site.
The Wayback Machine, Archive-It, and other tools are back up, according to a Thursday update from the digital nonprofit, but numerous other services are still being restored.
However, someone sent hostile messages to hundreds of people who had contacted the Internet Archive on Sunday.
According to the hacker, it is “dispiriting to see that even after being made aware of the breach 2 weeks ago, [Internet Archive] has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets,” via the company’s support email via the customer support platform Zendesk. GitLab is a platform for software development.
“As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to [email protected] since 2018,” the hacker said in an email to media.
“Whether you were trying to ask a general question or requesting the removal of your site from the Wayback Machine—your data is now in the hands of some random guy. If not me, it’d be someone else. Here’s hoping that they’ll get their shit together now.”
Several other news outlets, researchers, and others who have contacted the Internet Archive received identical messages.
Requests for comment regarding the message’s assertions were not answered by Internet Archive. A number of security experts cautioned that the hacker might now have access to private data that was transmitted to the Internet Archive in order to help remove content from the Wayback Machine, which keeps copies of websites, many of which are no longer in use.
Another media report claimed this weekend that it “repeatedly tried to warn the Internet Archive that their source code was stolen through a GitLab authentication token that was exposed online for almost two years.” It’s important to note that there is no evidence this was a Zendesk issue and that Zendesk did not experience a compromise of its platform. Zendesk worked together with Internet Archive to secure their account.
After a distributed denial-of-service (DDoS) attack and website vandalism, the platform has been having difficulties for almost a week. Additionally, 31 million users’ encrypted passwords, emails, and usernames were taken by a hacker.
The number of people involved in each occurrence is unknown. One gang openly claimed responsibility for the DDoS attacks; however, the hacker who stole user data complained to the media about being included with the other intruders.
They told the media that they hacked the Internet Archive for “street cred,” while the group behind the DDoS attacks claimed to have done it for political reasons. None of the claims could be verified at the time of publication.
Although they could not name the hacker of the Zendesk account, a long number of individuals, groups, and governments have expressed disapproval of the Internet Archive since Brewster Kahle founded it in 1996.
Over the years, numerous governments have attempted to stop the website for providing stolen information, and dozens of musicians, authors, and artists have denounced it on the grounds that it encourages copyright infringement.
In his message on Thursday, Kahle likened the recent Internet Archive hack to a number of other well-known library hacks worldwide, such as ransomware attacks on the British Library, Toronto Public Library, Seattle Public Library, and this week’s Calgary Public Library incident.
Kahle clarified, “We hope these attacks are not indicative of a trend.”
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.