Team CryptoInsightfull 
Customer service platform Zendesk said it worked with the Internet Archive to help resolve a breach that allowed a hacker to respond to emails on behalf of the platform.
Over the weekend, a hacker used the Internet Archive’s account on Zendesk to respond to dozens of inquiries, telling Recorded Future News and others that they still had access to parts of the Internet Archive’s systems.
A spokesperson for Zendesk on Tuesday confirmed much of what the hacker said — noting that the Internet Archive had not secured its authentication tokens which allowed the hacker to have continued access.
“It’s important to note that there is no evidence this was a Zendesk issue and that Zendesk did not experience a compromise of its platform,” the spokesperson said. “We have since worked together with Internet Archive to secure their account.”
Chris Freeland, director of library services at the Internet Archive, published a new message on Monday evening confirming that the hacker “sent emails to patrons by exploiting a 3rd party helpdesk system.”
Freeland said they are “relaunching services as defenses are strengthened.”
“These efforts are focused on reinforcing firewall systems and further protecting the data stores,” he explained.
The Internet Archive, responsible for the WayBack Machine and other internet preservation tools, said last week that it had been making progress on restoring many of its services after multiple cybersecurity incidents forced it offline.
But over the weekend, the hacker emailed anyone who had contacted the organization, writing that it is “dispiriting to see that even after being made aware of the breach 2 weeks ago, [Internet Archive] has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.” GitLab is a software development platform.
BleepingComputer claimed this weekend that it “repeatedly tried to warn the Internet Archive that their source code was stolen through a GitLab authentication token that was exposed online for almost two years.”
In his update on Monday, Freeland said archive.org had returned to service but only in read-only mode. Features like uploading, borrowing, reviewing items, interlibrary loan and other services are not yet available, he added.
“Thank you for standing with the Internet Archive as we continue to fight back on behalf of all affected readers,” he added.
Recorded Future
Intelligence Cloud.
