As the Internet Archive still struggles to recover from a devastating cyberattack last month, there's good and bad news.
The good? More of the site's services are now back online.
The bad? Hackers now have access to the site's internal support email system.
In the latest update to its service availability, the Internet Archive reported that its Archive-It service and blog page have returned. Archive-It is a subscription-based service that enables organizations to build large collections of videos, social media posts, and other digital content, and the blog page lets the site's owners communicate with its vast audience. Other services have also been restored, following the resumption of the Wayback Machine in read-only mode a week ago.
"The Wayback Machine, Archive-It, scanning, and national library crawls have resumed, as well as email, blog, helpdesk, and social media communications," Internet Archive founder Brewster Kahle said in a blog post on Friday. "Our team is working around the clock across time zones to bring other services back online. In [the] coming days, more services will resume, some starting in read-only mode as full restoration will take more time."
However, the email and helpdesk areas remain problematic as hackers seem to have infiltrated those services.
As described by Bleeping Computer, this latest breach saw the theft of GitLab authentication tokens, giving the attackers access to the site's Zendesk email support platform. Several people who had previously sent support emails to the archive received the following response from the attackers as shown in a Reddit forum:
It's dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets. As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to
Some people who chimed in on Reddit blamed the Internet Archive for not changing its API keys in the wake of the initial attacks, and others sympathized with the site. As a non-profit organization devoted to sharing valuable historical information, the Internet Archive has a limited budget. That means cybersecurity may get short shrift in the overall running of things.
"In a third attack on the Internet Archive this month, hackers are exploiting access tokens to the organization's Zendesk implementation," said Ev Kontsevoy, CEO of Teleport. "This means they now have access to more than 800 support tickets. While many have been critical of Internet Archive for not rotating API keys, it can be challenging in the aftermath of a breach for organizations to pick through the blast radius of an attack to prevent further exploitation."
The chain of events started last month when two attacks hit the Internet Archive. One was a data breach that compromised 31 million user accounts. Here, attackers stole site users' usernames, email addresses, and encrypted passwords. Exploiting a JavaScript library to deface the archive, the attackers displayed the following message to visitors: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened."
Another incident occurred around the same time -- a pro-Palestinian group named SN_BlackMeta launched a DDoS (Distributed Denial of Service) attack against the archive. Here, the hackers said they hit the site "because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of 'Israel'."
The irony with the DDoS attack is that the archive is a non-profit and non-government organization with no ties to or affiliation with the US government.
As a result of the attacks, the archive was forced to go offline and is only now slowly starting to come back one service at a time.
"Last week, along with a DDOS attack and exposure of patron email addresses and encrypted passwords, the Internet Archive's website javascript was defaced, leading us to bring the site down to access and improve our security," Kahle said in his Friday blog post. "The stored data of the Internet Archive is safe and we are working on resuming services safely. This new reality requires heightened attention to cyber security and we are responding. We apologize for the impact of these library services being unavailable."