Internet Archive Faces Another Breach, Exposing User Data and Support Tickets

ICARO Media Group
20/10/2024 19h05

### Internet Archive Breached Again, Exposing User Data and Support Tickets

The Internet Archive has fallen victim to another security breach, this time affecting its Zendesk email support platform. The breach is linked to the exposure of GitLab authentication tokens, despite previous warnings about the vulnerability. Users of the Internet Archive's services have received alarming emails informing them that their old requests for content removal or general inquiries have been compromised.

An email from the threat actors behind this breach highlights the failure of the Internet Archive to address the problem. "It's dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets," stated the email. The breached API key allowed access to over 800,000 support tickets sent to the organization since 2018.

Alarmingly, some users had uploaded personal identification documents when requesting the removal of their information from the Wayback Machine. The threat actors now potentially have access to these sensitive attachments, raising concerns about data privacy and security.

This latest incident follows a tumultuous period for the Internet Archive. On October 9th, it was reported that the organization had suffered two simultaneous attacks. A data breach resulted in the theft of user data for 33 million users, while a pro-Palestinian group named SN_BlackMeta executed a DDoS attack. Initial reports erroneously attributed both attacks to SN_BlackMeta, frustrating the actual perpetrators of the data breach.

Further investigation revealed that the attackers exploited an exposed GitLab configuration file on one of the Archive's development servers. This file contained an authentication token, which allowed the threat actors to download the Internet Archive's source code. The compromised source code included additional sensitive credentials, giving the attackers access to the organization's databases and the ability to modify the website.

Even though the hackers claimed to have stolen 7 terabytes of data, no samples have been provided to verify this claim. However, it is confirmed that API access tokens for the Zendesk support system were among the stolen data. This breach underscores the motives of many cyber attackers, who often seek notoriety and respect within their communities rather than monetary gain.

Despite numerous efforts by BleepingComputer to contact the Internet Archive and share insights about the breach, there has been no response from the organization. The security lapse has fueled conspiracy theories about potential political motives, but it appears that the Internet Archive may simply have been a target of opportunity for the hackers.

The stolen data is now circulating among cybercriminal communities, and experts anticipate that it will eventually surface on hacking forums like Breached. This incident serves as a stark reminder of the vulnerabilities facing even well-established digital archives and the importance of stringent cybersecurity measures.

The views expressed in this article do not reflect the opinion of ICARO, or any of its affiliates.
