New Internet Archive Breach Tied to Stolen Zendesk Tokens

Oct 22, 2024 | News





Internet Archive Hit Again: Zendesk Breach Exposes 800K Support Tickets

The Internet Archive has suffered yet another breach, this time targeting its Zendesk email support platform. Despite warnings about exposed GitLab tokens, the organization failed to rotate its stolen credentials, leading to the compromise of its support system and the exposure of sensitive data.

800K Tickets Exposed: Data from Wayback Removal Requests at Risk

According to the threat actor, they accessed over 800,000 support tickets sent to [email protected] since 2018. These include personal information from individuals requesting the removal of content from the Wayback Machine. The attacker said, “Whether you were asking a general question or requesting the removal of your site… your data is now in the hands of some random guy.”

Internet Archive Zendesk emails sent by the threat actor

Source: BleepingComputer

The headers of these emails also pass all DKIM, DMARC, and SPF authentication checks, proving they were sent by an authorized Zendesk server at 192.161.151.10.

Internet Archive Zendesk email headers
Source: BleepingComputer
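
Added example, not from the original article: one way a receiver can check the claim above from a message's Authentication-Results header (RFC 8601), trusting only the header stamped by its own mail server. The messages, host names, domains and IP address below are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string, policy

REQUIRED = ("dkim", "spf", "dmarc")

# Constructed messages; hosts, domains and the IP are placeholders.
GENUINE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=helpdesk.example.org;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=helpdesk.example.org;
 dmarc=pass header.from=example.org
From: Support <support@example.org>
Subject: constructed sample

body
"""
FORGED = """\
Authentication-Results: mail.attacker.invalid; dkim=pass; spf=pass; dmarc=pass
Authentication-Results: mx.example.net; dkim=none; spf=fail; dmarc=fail
From: Support <support@example.org>
Subject: constructed sample

body
"""

def auth_results(raw_message, trusted_authserv_id):
    """Return {method: [results]} using only headers written by our own receiver."""
    msg = message_from_string(raw_message, policy=policy.default)
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^()]*\)", " ", str(header))  # drop header comments
        authserv_id, *clauses = [part.strip() for part in value.split(";")]
        # A sender can inject this header itself, so skip any other authserv-id.
        if not authserv_id or authserv_id.split()[0].lower() != trusted_authserv_id.lower():
            continue
        for clause in clauses:
            m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", clause, re.I)
            if m:
                results.setdefault(m.group(1).lower(), []).append(m.group(2).lower())
    return results

def sender_authenticated(raw_message, trusted_authserv_id):
    """True only when DKIM, SPF and DMARC each have a 'pass' from the trusted receiver."""
    results = auth_results(raw_message, trusted_authserv_id)
    return all("pass" in results.get(method, []) for method in REQUIRED)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, sender_authenticated(raw, "mx.example.net"))
```

A pass on all three checks authenticates the sending infrastructure, not the person using it, which is why mail sent through a compromised helpdesk account still verifies.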


Authentication Tokens Left Exposed for 2 Years: Source Code and Data Stolen

The attacker first gained access by discovering an exposed GitLab configuration file on one of the Internet Archive’s development servers, which contained an authentication token. The token had been exposed for almost two years, allowing the hacker to download 7TB of source code, user databases, and other critical information.

Exposed Internet Archive GitLab authentication token
Source: BleepingComputer

Risk of Personal IDs Leaked: Threat Actor May Have Access to Sensitive Files

Some users requesting removal from the Wayback Machine had to upload personal identification, which may now be compromised. Depending on the attacker’s API access to the Zendesk support system, these attachments could be in the hands of threat actors, raising serious privacy concerns.




Breach Motivated by Cyber Street Cred, Not Extortion or Politics

While there was speculation that the breach was politically motivated or related to copyright battles, the attack appears to have been driven purely by the hacker’s desire for cyber street credibility. With no monetary gain to be made from extorting the Internet Archive, the hacker sought recognition within the cybercriminal community.


Source: bleepingcomputer.com
