The Internet Archive is grappling with significant security challenges following a recent data breach and DDoS attacks.

Users have reported receiving replies from hackers using the Internet Archive's support email, indicating unauthorized access to the system.

The situation underscores the urgent need for regular security audits and prompt responses to vulnerabilities to safeguard user data.

While the breach did not involve ransom demands, the stolen data poses significant risks for phishing and identity theft.

The hacker claimed their motivation was not financial or political, but rather an opportunity arising from the Internet Archive's security weaknesses.

The latest breach, which occurred in mid-October 2024, was facilitated by a stolen GitLab authentication token that had been publicly exposed for nearly two years.

This breach reportedly allowed attackers to steal 7TB of sensitive data, including API access tokens for the Internet Archive's Zendesk support system.

Among the compromised data were support tickets that could contain sensitive user information, including identification for content removal requests.

On October 20, hackers claimed to have accessed Zendesk tokens, enabling them to send mass emails to users who had interacted with the Internet Archive.

Chris Hickman, Chief Security Officer at Keyfactor, highlighted the necessity of regularly rotating access tokens to prevent such unauthorized access.

Brewster Kahle, the founder of the Internet Archive, confirmed that the platform had also experienced a DDoS attack attributed to a pro-Palestinian group.

Despite these ongoing security issues, the Internet Archive has resumed services, including the Wayback Machine and Archive-It, as of October 2024.