Hackers who recently breached the Internet Archive’s systems are still in control of some internal tools. According to reports from users on Reddit, emails that did not come from official staff have been sent from the Archive’s customer service platform. Instead, they seem to have been sent by the same group that accessed the systems earlier in the month.
Messages received by users suggest that API keys weren’t properly rotated following the initial breach. In one email, a hacker pointed out the failure to revoke a token allowing access to over 800,000 support tickets that had been submitted to the Internet Archive since 2018. The unrevoked token has raised concerns about the safety of data handled by the nonprofit, which holds a vast amount of information.
31 Million Accounts at Risk
After the breach, the Archive acknowledged that personal data from 31 million user accounts had been compromised. Exposed information includes usernames, email addresses, and encrypted passwords. Although no archived material was reportedly affected, this incident has triggered widespread security concerns, given the platform’s role in preserving digital records.
While the website is partially operational again, some features remain unavailable. Users can access stored content, but the option to save new pages has been disabled for the time being. As the restoration process continues, the Archive’s team is working to ensure that the breach is fully contained and that future attacks are less likely.
Here’s an insider report on what’s going on behind the scenes to bring @internetarchive services online: https://t.co/HKhlmbrYUO pic.twitter.com/eCMlYBPDQb
— Internet Archive (@internetarchive) October 19, 2024
Attackers’ Motive Still a Mystery
Despite attempts to uncover the reasons behind the attack, the hackers’ intentions remain uncertain. A group identifying as SN_Blackmeta has taken responsibility, linking their actions to a political stance against the U.S. government. However, many are confused as to why a group would target an organization focused on preserving the internet’s history. Brewster Kahle, founder of the Internet Archive, voiced his own perplexity over the attack, questioning the logic behind it.
To enhance security and prevent a recurrence, the Archive is now implementing comprehensive system updates. One of the main objectives is to safeguard over 840 billion web pages, none of which were directly compromised during the breach.
DDoS Attacks Add to Challenges
After the initial breach, the situation worsened when Distributed Denial of Service (DDoS) attacks were launched against the Archive. These attacks made it even more difficult for the Archive’s staff to restore the website, as they overloaded servers and further complicated the recovery process. Although some services are now being gradually brought back online, full restoration has yet to be achieved, and users are still unable to add new content to the archive.
At present, essential services like institutional crawlers are slowly coming back, but the site remains in read-only mode. This limitation, coupled with the uncertainty surrounding future vulnerabilities, has left many users concerned about the Archive’s long-term security.