Seems like the Internet Archive and Github are having issues. Bleeping computer has let them know of an issue, yet the Internet Archive has yet to respond to the claims.
This is interesting, as some of the things taken included API tokens as well as some number of TB of data which I don’t remember off hand but its in there.
Some of the stuff taken could have been information gatheered by support tickets, including any personal information from those tickets.
To make matters worse, DKIM and other email validation checks out because they’re using a valid server to send out, say the actors.
Since the actors can now have access to the support tool and GitHub, the Internet Archive is pretty much owned. Some of the tokens bleeping computer say are as old as 2 years old, or at least going back to 2022.
Its a sad state of affairs over there at the company. I’d hold off contacting them for anything, at least until they get their shit together and rotate all of their keys and secure their infrastructure.
There is plenty here, including the gitlab token debacle, Internet Archive breached again through stolen access tokens is your article.
Happy hunting!
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.