The Internet Archive, a well-known hub of digital preservation, suffered a third security breach in October 2024, exposing vulnerabilities in its Zendesk support system. Repeated exploitation of unrotated API tokens enabled hackers to access sensitive support tickets containing personal identification documents. The breaches have caused significant damage, affecting the platform’s reputation as well as the privacy of millions of users.

The latest breach, confirmed on October 20, marks the third time this month that hackers have successfully targeted the non-profit organization’s infrastructure. According to cybersecurity experts, the core issue stems from poor token management—specifically, the failure to replace compromised access tokens after earlier breaches.

The Anatomy of the Breaches

The first attack, on October 9, targeted the Internet Archive’s GitLab server through an exposed token, resulting in the theft of a user database containing bcrypt-hashed passwords and email addresses for 31 million users. A simultaneous DDoS attack, although unrelated, disrupted the website further.

In mid-October, hackers breached the organization again using unrotated access tokens to gain entry into the Zendesk platform. This gave them access to thousands of sensitive support tickets, some containing personal identification documents.

Brewster Kahle, the founder of the Internet Archive, confirmed the breaches and noted: “What we know: DDOS attacked-fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.”

The latest breach highlights a worrying pattern of negligence in cybersecurity practices. Despite previous warnings, the Internet Archive did not rotate the exposed tokens, leaving its systems vulnerable to further attacks. “It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys,” the hacker stated in a message to BleepingComputer.

Unlike many cyberattacks motivated by financial extortion, these breaches appear to be driven by hackers seeking “cyber street cred” for targeting high-profile organizations like the Internet Archive, which boosts reputation in underground hacker communities. While no ransom was demanded, the leaked data increases the risks of phishing attacks and identity theft for affected users.

Security and Trust at Stake

Professor Sanjay Jha from the University of New South Wales (UNSW) warned the public must remain vigilant in an era of frequent data breaches: “I understand that it’s human nature that you start to just get used to certain things, but I think it’s important to keep raising awareness about trying to protect your personal information.”

These repeated breaches have the potential to erode public trust in the Internet Archive. But the organization has pledged to enhance security measures by upgrading systems and scrubbing compromised libraries, but the damage may take time to repair.