It’s dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.
As
demonstrated
by
this
message,
this
includes
a
Zendesk
token
with
perms
to
access
800K+
support
tickets
sent
to
Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine—your data is now in the hands of some random guy. If not me, it’d be someone else.
Here’s hoping that they’ll get their shit together now.
(Originally posted by Wes Davis)