Internet Archive Hit Again: Zendesk Breach Exposes 800K Support Tickets
The Internet Archive has suffered yet another breach, this time targeting its Zendesk email support platform. Despite warnings about exposed GitLab tokens, the organization failed to rotate its stolen credentials, which led to the compromise of its support system and the exposure of sensitive data.
800K Tickets Exposed: Data from Wayback Removal Requests at Risk
According to the threat actor, they accessed over 800,000 support tickets sent to [email protected] since 2018. These include personal information from individuals requesting the removal of content from the Wayback Machine. The attacker said, “Whether you were asking a general question or requesting the removal of your site… your data is now in the hands of some random guy.”
Internet Archive Zendesk emails sent by the threat actor
Source: BleepingComputer
The headers of these emails also pass all DKIM, DMARC, and SPF authentication checks, proving they were sent by an authorized Zendesk server at 192.161.151.10.
Internet Archive Zendesk email headers
Source: BleepingComputer
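As an added example (not from the article or from BleepingComputer), this is how a recipient could read the same verdicts out of a message's headers. The sample message is constructed: the hostnames, addresses and DKIM selector are placeholders, and only the IP comes from the text above.

```python
import re
from email import message_from_string

# Constructed sample, not the real message. Hostnames, addresses and the
# selector are placeholders; the IP is the one quoted in the article.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@example.org header.s=sel1;
 spf=pass (mx.example.net: 192.161.151.10 is permitted) smtp.mailfrom=support@example.org;
 dmarc=pass (p=NONE) header.from=example.org
Received: from out.example.org (out.example.org [192.161.151.10])
 by mx.example.net with ESMTPS id abc123; Mon, 01 Jan 2024 00:00:00 +0000
From: Support <support@example.org>
Subject: constructed sample

body
"""
METHODS = ("spf", "dkim", "dmarc")

def auth_verdicts(raw, trusted_authserv):
    """Map method -> result, using only headers stamped by our own receiver."""
    verdicts = {}
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", "", value)       # strip parenthesised comments
        parts = [p.strip() for p in value.split(";")]
        # Headers naming another authserv-id may have been injected by the sender.
        if not parts[0] or parts[0].split()[0].lower() != trusted_authserv:
            continue
        for part in parts[1:]:
            m = re.match(r"(\w+)\s*=\s*(\w+)", part)
            if m and m.group(1).lower() in METHODS:
                verdicts.setdefault(m.group(1).lower(), m.group(2).lower())
    return verdicts

def connecting_ip(raw):
    """IPv4 literal from the topmost Received header (the hop our MTA recorded)."""
    received = message_from_string(raw).get_all("Received", [])
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    return m.group(1) if m else None

def passed_all(raw, trusted_authserv):
    """True only when SPF, DKIM and DMARC each report 'pass'."""
    v = auth_verdicts(raw, trusted_authserv)
    return all(v.get(method) == "pass" for method in METHODS)

if __name__ == "__main__":
    print(auth_verdicts(SAMPLE, "mx.example.net"), connecting_ip(SAMPLE))
```

A pass on all three authenticates the sending infrastructure, not the person operating it, which is why mail sent through the compromised support platform validated cleanly.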