The Internet Archive hackers still have access to its internal emailing tools

It is disheartening to see that even after being made aware of the breach two weeks ago, IA still did not do due diligence to rotate many of the API keys that were exposed in their Gitlab secrets.

As shown in this message, this includes a Zendesk token with permissions to access over 800,000 support tickets submitted to info@archive.org since 2018.

Whether you wanted to ask a general question or request your site be removed from the Wayback Machine, your data is now in the hands of anyone. If it wasn't me, it would be someone else.

We hope they get their shit together now.

Leave a Comment

url url url url url url url url url url url url url url url url url url url