Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

The Internet Archive's Double Breach: A Cautionary Tale of Poor Cyber Hygiene



The Internet Archive suffered two high-profile breaches in October 2024, with attackers gaining access to its Zendesk email support platform through stolen GitLab authentication tokens. The breach highlights a poor security posture by the organization and serves as a warning to other organizations to prioritize cyber hygiene and invest in robust security systems.

  • The Internet Archive suffered a double breach, with attackers gaining access to its Zendesk email support platform through stolen GitLab authentication tokens.
  • A user database containing data of 31 million users was compromised due to an exposed GitLab configuration file.
  • The breach was attributed to poor security posture, including failure to rotate API keys and inadequate monitoring for potential vulnerabilities.
  • The incident highlights the importance of proper security measures, incident response, and software updates to prevent similar incidents.


    The internet has witnessed numerous high-profile breaches in recent years, leaving users' sensitive information exposed and vulnerable to malicious actors. Recently, the Internet Archive suffered a double breach, with attackers gaining access to its Zendesk email support platform through stolen GitLab authentication tokens. This article will delve into the details of the breach, explore the causes behind it, and discuss the implications for organizations and individuals alike.

    In October 2024, the Internet Archive reported that its "Wayback Machine" had suffered a data breach, with threat actors gaining access to a user database containing the data of 31 million users. The breach was attributed to an exposed GitLab configuration file on one of the organization's development servers; the file contained an authentication token that allowed the attackers to download the Internet Archive's source code, which in turn held further credentials and tokens. This breach exposed a poor security posture at the Internet Archive: the organization had failed to rotate its API keys, in particular the Zendesk token, which had access to over 800,000 support tickets.

    The breach was not an isolated incident: just days later the Internet Archive suffered a second breach, this time via its Zendesk email support platform. The attackers gained access to the platform through the stolen GitLab authentication tokens, which had not been rotated despite repeated alerts; users who had filed earlier Internet Archive removal requests received replies to those old tickets. This poor cyber hygiene increased the risk of further data breaches and undermined user trust.

    Depending on the attacker's Zendesk API access, the breach may have exposed personal identification documents that users had uploaded with Wayback Machine page removal requests. The emails sent by the threat actor originated from an authorized Zendesk server (192.161.151.10), which lent them credibility. The breach also raised concerns about the exposure of sensitive information, as the attackers claimed to have stolen 7TB of data from the Internet Archive.

    Despite the claim, the attacker did not share proof of the stolen data, although BleepingComputer confirmed the exposed GitLab authentication token and the access to Zendesk support tickets containing personal information. The threat actor stated that the source code contained additional credentials and authentication tokens, including the credentials to the Internet Archive's database management system, which allowed them to download the organization's user database and further source code, and to modify the site.

    The breach was attributed to a pro-Palestinian group called SN_BlackMeta, which launched a DDoS attack that took the website offline several times. However, it is worth noting that the DDoS attack was not linked to the data breach. The Internet Archive founder, Brewster Kahle, confirmed that the platform was hit by a DDoS attack that compromised its systems.

    The incident highlights the importance of proper security measures and incident response. The Internet Archive's failure to rotate its API keys and implement adequate security protocols led to two high-profile breaches in a short span. This case serves as a warning to organizations, particularly those with large user bases, to prioritize cyber hygiene and invest in robust security systems.

    Furthermore, the breach demonstrates the importance of keeping software up to date and monitoring for potential vulnerabilities. The exposed GitLab configuration file contained an authentication token that had been exposed since December 2022 and had been rotated multiple times since then. This incident highlights the need for organizations to stay vigilant and address potential security risks promptly.
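    As an added example (not code from the article or from the Internet Archive), the following Python script shows the two checks the paragraphs above call for: it flags credential-looking values in a configuration file of the kind that was exposed, and lists tokens that are past an assumed 90-day rotation deadline. The sample config, the token names, the rotation dates and the 90-day policy are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# "glpat-" is the prefix GitLab puts on personal access tokens; the generic pattern
# catches NAME=value / NAME: value lines whose name hints at a credential.
GITLAB_PAT = re.compile(r"\bglpat-[A-Za-z0-9_\-]{20,}\b")
GENERIC_ASSIGNMENT = re.compile(
    r"""(?im)^\s*([A-Z0-9_]*(?:TOKEN|SECRET|PASSWORD|API_KEY)[A-Z0-9_]*)\s*[=:]\s*["']?([^\s"'#]+)"""
)

# Constructed sample of an exposed configuration file; not the Internet Archive's.
SAMPLE_CONFIG = """
# deploy settings
GITLAB_TOKEN=glpat-AbCdEfGhIjKlMnOpQrSt
ZENDESK_API_TOKEN: "zd_example_token_0123456789"
DB_PASSWORD='hunter2hunter2'
LOG_LEVEL=debug
"""

# Constructed rotation inventory (assumed token name -> last rotation time).
SAMPLE_INVENTORY = {
    "GITLAB_TOKEN": datetime(2022, 12, 1, tzinfo=timezone.utc),
    "ZENDESK_API_TOKEN": datetime(2024, 9, 1, tzinfo=timezone.utc),
}
NOW = datetime(2024, 10, 9, tzinfo=timezone.utc)


def find_secrets(config_text):
    """Return {value: (kind, name)} for credentials in the text, deduplicated by value."""
    found = {}
    for m in GENERIC_ASSIGNMENT.finditer(config_text):
        found[m.group(2)] = ("generic_token", m.group(1))
    for m in GITLAB_PAT.finditer(config_text):  # prefer the specific classification
        name = found.get(m.group(0), (None, None))[1]
        found[m.group(0)] = ("gitlab_pat", name)
    return found


def stale_tokens(inventory, now, max_age=timedelta(days=90)):
    """Names whose last rotation is older than max_age (90 days is an assumed policy)."""
    return sorted(name for name, ts in inventory.items() if now - ts > max_age)


def redact(value):
    """Show only a short prefix so a report never re-exposes the secret."""
    return value[:6] + "..." if len(value) > 6 else "***"


if __name__ == "__main__":
    for value, (kind, name) in find_secrets(SAMPLE_CONFIG).items():
        print(f"{kind:14} {name or '-':20} {redact(value)}")
    print("overdue for rotation:", stale_tokens(SAMPLE_INVENTORY, NOW))
```

Run against the real inventory of a secrets manager or CI variable store, the same two functions give a scan of committed config files and a list of tokens that should have been rotated already.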

    In conclusion, the Internet Archive's double breach serves as a cautionary tale of poor cyber hygiene. It emphasizes the importance of proper security measures, incident response, and software updates. Organizations must prioritize their cybersecurity posture to prevent similar incidents from occurring in the future.



    Related Information:

  • https://securityaffairs.com/170068/data-breach/internet-archive-second-data-breach.html


  • Published: Mon Oct 21 12:37:52 2024 by llama3.2 3B Q4_K_M

