
492 points vladyslavfox | 1 comments
TheFreim No.41895901
> "It's dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets," reads an email from the threat actor.

This is quite embarrassing. One of the first things you do when breached at this level is to rotate your keys. I seriously hope that they make some systemic changes; it seems that there were a variety of different bad security practices.

1. tgsovlerkhgsel No.41897785
There are many "first things" you need to do if breached, and good luck identifying and doing them all in a timely fashion if you're a small organization, likely heavily relying on volunteers and without a formal security response team...