The Internet Archive has suffered an email hack while working to restore services impacted by recent cyberattacks.
The non-profit digital library recently suffered a data breach that resulted in the exposure of usernames, email addresses, and password hashes belonging to as many as 31 million users.
In addition, the Internet Archive’s services were targeted by a major DDoS attack, and its website was defaced. The incident led to most Internet Archive services being suspended, including the popular Wayback Machine, which has collected snapshots of hundreds of billions of web pages.
In a blog post published on Friday, Internet Archive founder Brewster Kahle said Wayback Machine, Archive-It, scanning, and national library crawls have been restored, along with email, helpdesk, blog and social media communications. He announced that other services should be back online within days.
“The stored data of the Internet Archive is safe and we are working on resuming services safely. This new reality requires heightened attention to cyber security and we are responding,” Kahle said.
He added, “We’re taking a cautious, deliberate approach to rebuild and strengthen our defenses. Our priority is ensuring the Internet Archive comes online stronger and more secure.”
However, it turns out that there is still more work to be done in terms of security. Over the weekend, many users who in the past contacted Internet Archive support received an email informing them about another security incident, one related to the Internet Archive’s Zendesk instance.
The email, apparently sent by someone who abused a compromised Zendesk token, read, “It’s dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets.”
“As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to [email protected] since 2018,” the hacker added. “Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine—your data is now in the hands of some random guy. If not me, it’d be someone else.”
These messages came from a zendesk.com email address known to have been used for support and other purposes by the Internet Archive.
The Internet Archive has not shared any information on who is behind the cyberattacks. A pro-Palestine hacktivist group named BlackMeta (aka SN_BlackMeta or DarkMeta) has taken credit for the DDoS attack, but the actual hacking appears to have been carried out by different, unidentified threat actors.
Related: Casio Hit by Cyberattack
Related:Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches
