Just a day after the Internet Archive posted the restoration of its Wayback Machine and other services on its blog, the site has gone dark again. As of this writing, a visit to the Archive’s homepage shows a message confirming that while Archive-It and its blog are back online, the rest of the Internet Archive’s services remain temporarily unavailable.
This is the page you'll be greeted with when going to archive.org Credit: Internet Archive / Mashable Screenshot
It’s another frustrating setback for users who rely on the digital library’s vast resources, though details on who is causing this new disruption are still unclear. At this point, it looks like this is the fourth—yes, fourth—cyberattack on the Internet Archive since the beginning of October.
The first breach, on October 9th, saw two separate groups of hackers compromise the personal data of 31 million users, including emails, screen names, and encrypted passwords. Following that, a second and third attack targeted the Archive's Zendesk support system— with the hackers even responding to support requests sent to IA.
The timing of these attacks on the Internet Archive—and other online book repositories like the British and Toronto public libraries—couldn’t be worse. With the Internet Archive having already lost legal battles with publishing giants like Hachette, HarperCollins, and Penguin Random House, these cyberattacks only add to the chaos.
Internet Archive had its Zendesk email support platform instance compromised via stolen GitLab authentication tokens just more than a week after being targeted by separate intrusions that resulted in the theft of data belonging to 33 million users and a distributed denial-of-service attack.
Internet Archive's latest breach was noted by the threat actor to have stemmed from the digital library nonprofit's failure to rotate its authentication tokens. "It's dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets. As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018," said the threat actor in emails, which also indicated the exfiltrated data to be held by a "random" person. Such emails from the attacker follow Bleeping Computer’s persistent notifications to Internet Archive warning about source code theft from a GitLab authentication token that has been accessible to anyone for nearly two years.
Comments