October 20, 2024 at 09:36PM
The Internet Archive faces ongoing issues following a recent infosec breach, with unknown parties allegedly sending mass emails using stolen Zendesk tokens. The emails claimed access to sensitive user data, raising concerns about security. Despite the Archive’s outreach for donations, many are wary about sharing personal information amidst these vulnerabilities.
### Meeting Takeaways
1. **Recent Security Incident**: The Internet Archive (IA) recently experienced an infosec incident, which they have assured has been addressed. However, there are concerns about lingering vulnerabilities.
2. **Token Exposure**: An unidentified party claims to have accessed tokens from IA’s Zendesk implementation, allowing them to send mass emails. The email states the tokens can access over 800,000 support tickets since 2018.
3. **Breach Awareness**: The email sender criticized IA for failing to rotate API keys exposed during the breach, indicating ongoing security issues.
4. **User Data Compromise**: The message raised concerns about the potential misuse of user data, suggesting that requests made by users could now be accessed by unauthorized individuals.
5. **Public Reception**: There have been multiple reports from various users who received the suspicious email, indicating the issue may have broader implications.
6. **Lack of Communication**: IA has not publicly addressed the matter on their social media or blogs, maintaining silence regarding the ongoing situation.
7. **Ongoing Assistance Requests**: Despite the security issues, IA sent out a legitimate email requesting donations to help manage their infosec problems and maintain service continuity.
8. **User Trust Concerns**: There is skepticism about whether it’s safe for users to share sensitive information, such as credit card details, with the Internet Archive at this time.
### Conclusion
The Internet Archive is facing significant trust issues and security concerns following a recent breach. Users are encouraged to be cautious about sharing sensitive information while the organization works to resolve these issues.