October 21, 2024 at 04:17PM
The Internet Archive faces renewed security issues after a hacker allegedly accessed Zendesk tokens, sending a mass email revealing vulnerabilities in its systems. Despite previous data breaches, the archive reportedly failed to rotate exposed API keys, raising concerns about proactive security measures. The organization has not commented on the situation.
### Meeting Takeaways:
1. **Recent Security Incident**: The Internet Archive has faced another security challenge following a previous data breach and DDoS attacks that forced it offline.
2. **Claim of Unauthorized Access**: Unknown individuals have claimed they accessed the Internet Archive’s Zendesk tokens, leading to mass emails sent to users who interacted with the platform.
3. **Content of the Hacker’s Email**:
– The hacker criticized the Internet Archive for not rotating exposed API keys after the initial breach.
– They specifically referenced a Zendesk token with access to over 800,000 support tickets, compromising user inquiries dating back to 2018.
– The hacker implied that user data is now at risk and emphasized the importance of securing data against potential misuse.
4. **Expert Opinion**: Chris Hickman, CSO of Keyfactor, indicated the breach reflects poor security practices, particularly regarding the rotation of access tokens.
– Unrotated tokens can lead to unauthorized access and service disruptions, damaging the organization’s reputation and trust.
5. **Public Response**: The Internet Archive has not publicly addressed the latest breach but has called for donations to further its mission of open knowledge access.
6. **Action Item**: The Internet Archive may need to evaluate its security protocols, especially concerning token management, to prevent further incidents and restore user trust.