The Internet Archive has suffered yet another data breach, with hackers obtaining access to the email addresses of individuals who submitted support requests via the site’s Zendesk support platform. The attackers are exploiting their access to these support tickets, sending out replies to demonstrate the site’s ongoing security vulnerabilities.
A message from the hackers points out that despite being notified of the breach weeks ago, Internet Archive has not rotated many of the compromised API keys, leaving sensitive data exposed. The breach potentially affects anyone who has submitted a support ticket to the Internet Archive since 2018, particularly those who included personal information in their Wayback Machine removal requests or other inquiries.
The hackers claim access to over 800,000 support tickets, and personal data such as email addresses and encrypted passwords may be compromised. Users are advised to check whether their details have been exposed using the Have I Been Pwned website.
This incident comes amid other security issues at the Internet Archive, including a previous breach affecting a database with 31 million records and a DDoS attack. As a result, the site has been partially offline, operating in read-only mode with limited services such as the Wayback Machine, Archive-It.org, and the official blog.
The Internet Archive has acknowledged the breach and is taking a “cautious, deliberate approach” to strengthening its security before fully restoring services.
