The Internet Archive, home to the beloved Wayback Machine and a treasure trove of digitized books, has recently fallen victim to a significant security breach. This breach highlights a recurring issue: the careless handling of credentials in source code, which continues to expose valuable data to attackers.

 

The initial entry point was the Internet Archive’s use of GitLab, a platform for managing software source code. Attackers were able to access this repository and uncover sensitive credentials—an avoidable mistake. These credentials were then leveraged to infiltrate Zendesk, a third-party help desk service used by the Archive. With access to Zendesk’s systems, the attackers were able to gather data on users who had submitted support tickets, further compounding the breach.

 

The second mistake came after the initial breach: the failure to rotate access tokens. These tokens act as keys, granting external services like Zendesk permission to interact with Internet Archive systems. Despite knowing their security had been compromised, the Archive did not refresh these tokens. This oversight allowed the attackers to return and exfiltrate even more data.

 

Additionally, a distributed denial-of-service (DDoS) attack was launched, further damaging the Archive's reputation and disrupting its services. DDoS attacks involve overwhelming a website with massive traffic, causing it to crash—yet another blow to the trusted institution.

 

While the Internet Archive has its security lapses, it remains a vital resource, housing digitized books, historical records, and other creative content for free access. Attacks like these only harm the public good and undermine efforts to preserve knowledge. If you spot a flaw in a system, it’s always better to report it responsibly rather than exploit it.

 

The breach serves as a stark reminder to all organizations: store credentials securely, rotate tokens regularly, and always be vigilant in securing your systems. Let’s hope this serves as a lesson for the Internet Archive and others moving forward.