The Internet Archive Has Been Pwned Again
The Internet Archive has experienced yet another breach, this time involving their Zendesk email support platform with 800+ support tickets, despite warnings about stolen GitLab authentication tokens by threat actors.
“It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets,” reads an email from the threat actor.
Since Saturday night, BleepingComputer reported receiving multiple emails from individuals who got replies to old Internet Archive removal requests, alerting them to the breach caused by the organization’s failure to properly rotate their stolen authentication tokens.
Recipients of these emails told BleepingComputer that they had to upload personal identification when requesting a removal of a page from the Wayback Machine.
“Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine your data is now in the hands of some random guy. If not me, it’d be someone else,” the threat actor’s email continues.
Steve Hahn, EVP Sales US, BullWall had this to say:
“Multiple successive attacks are unfortunately the norm, not the exception. When a threat actor has a successful attack they have typically spent months in the environment undetected. They have worked for long-term persistence. Setting up dozens or hundreds of backup accounts and credentials, running scripts to cover their tracks, set up fresh, unprotected VMs, done vulnerability scans, laid second-wave traps, such as embedding malicious macros into internal documents that will launch a whole new attack. The latter is quite crafty. We all know we shouldn’t “enable macros” on any file we get from an untrusted source, but when it’s on an internal share and it’s a document you use regularly, you have no hesitancy to hit the “enable macros” button. In terms of how often a company is hit in successive attacks, I’ve seen numbers as high as 78% and that does ring true to my personal observations.”
It’s bad enough that this site got pwned. But to get pwned three times is insane. Hopefully the Internet Archive takes steps to make sure that there is not a fourth time as this is pretty embarrassing.
This entry was posted on October 22, 2024 at 4:19 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.