Source URL: https://www.theregister.com/2024/10/21/internet_archive_zendesk_access_attack/
Source: The Register
Title: Internet Archive exposed again – this time through Zendesk
Feedly Summary: Org turns its woes into a fundraising opportunity
Despite the Internet Archive’s assurances it’s back on its feet after a recent infosec incident, the org still appears to be in trouble after parties unknown claimed to hold access tokens to its Zendesk implementation and to have used them to send a mass email blast.…
AI Summary and Description: Yes
Summary: The Internet Archive is facing ongoing security challenges after a recent incident where a breach led to the exposure of API tokens and sensitive user support data. The breach has raised significant concerns among users regarding the organization’s information security practices and ongoing vulnerability management.
Detailed Description:
The text describes a recent incident involving the Internet Archive (IA), revealing critical issues surrounding their information security posture. A breach occurred, compromising access tokens related to their Zendesk customer service platform. This incident highlights vulnerabilities in IA’s management of sensitive API keys and user trust. Key points to note include:
– **Breached Tokens**: Malicious actors claimed to have accessed Zendesk tokens, allowing them to send a mass mailing that included sensitive information about user queries and tickets, highlighting potential access to over 800,000 support tickets since 2018.
– **Lack of Response**: The email sender criticized IA for not rotating API keys post-breach, raising questions about their incident response and overall cyber hygiene.
– **User Data Compromise**: Users who interacted with the archive and routed requests through Zendesk are at risk, as personal data may have been compromised, intensifying concerns about data privacy and security.
– **Community Impact and Reactions**: The incident has triggered varied reactions from the community, with many users expressing reluctance to trust the Internet Archive during this tumultuous period, especially concerning sensitive data transactions like credit card information.
– **Communication Gaps**: The organization has not communicated adequately about the breach, leaving users uncertain about the extent of the compromise and remediation efforts.
Overall, this situation underscores the critical need for robust infrastructure security practices, including timely incident response, effective credential management, and transparent communication with the user base following a data breach. For security and compliance professionals, this case serves as a pertinent reminder of the importance of vigilance, proactive measures in protecting sensitive data, and maintaining user trust in online services.