Hackers who breached the Internet Archive earlier this month continue to exploit the organization’s security vulnerabilities, now using exposed Zendesk access tokens to send unauthorized email blasts.
Despite the Archive’s efforts to recover from the incident, the hackers claim they still have access to sensitive API keys, including one that allows control over the customer service platform Zendesk, which handles the Archive’s support tickets.
Users’ Support Data at Risk
Users have received emails from what appeared to be the Archive’s support team. However, these messages were allegedly written by the hackers, who criticized the Archive for failing to rotate exposed API keys, particularly a Zendesk token. This token reportedly grants access to over 800,000 support tickets dating back to 2018. These tickets include requests ranging from general inquiries to site removal requests from the Wayback Machine, leaving users’ personal data vulnerable.
The email, shared widely by affected users on social media, pointed out that user data is now compromised and in the hands of unauthorized individuals.
The hacker stated,
“Whether you were trying to ask a general question or requesting the removal of your site from the Wayback Machine – your data is now in the hands of some random guy. If not me, it’d be someone else. Here’s hoping that they’ll get their shit together now.”
Internet Archive Slowly Restoring Services
The ongoing breach follows a security incident that caused disruption to the Internet Archive’s services, including its popular Wayback Machine, and resulted in parts of the site being taken offline. As of now, the Archive has slowly started restoring some services in a limited, read-only mode. Founder Brewster Kahle announced in an October 17th blog post that the team has been “working around the clock across time zones” to bring back more functionality, but full restoration will take time.
The Internet Archive has yet to officially address the ongoing Zendesk exploit on its social channels or blogs. However, in a legitimate email sent last week, the Archive asked users for donations to help with the recovery process. The email apologized for the impact of the security breach and encouraged the community to provide financial support to help the Archive “work through its infosec issues.” The fundraising request has raised concerns, with some questioning whether this is the right time to trust the organization with credit card information.
As of now, the motivation behind the attacks remains unclear. While the hackers responsible have continued to access parts of the Archive’s systems, including customer support tools, the organization is still investigating the breach and attempting to secure its infrastructure.