←back to thread

Internet Archive breached again through stolen access tokens

(www.bleepingcomputer.com)
492 points vladyslavfox | 1 comments | 20 Oct 24 15:00 UTC | HN request time: 0.208s | source
Show context
TheFreim ◴[20 Oct 24 15:24 UTC] No.41895901[source]
> "It's dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets," reads an email from the threat actor.

This is quite embarrassing. One of the first things you do when breached at this level is to rotate your keys. I seriously hope that they make some systemic changes, it seems that there were a variety of different bad security practices.

replies(5): >>41896145 #>>41896897 #>>41897646 #>>41897785 #>>41898493 #
ghostly_s ◴[20 Oct 24 17:15 UTC] No.41896897[source]
IA is in bad need of a leadership change. The content of the archive is immensely valuable (largely thanks to volunteers) but the decisions and priorities of the org have been far off base for years.
replies(5): >>41896940 #>>41897130 #>>41897333 #>>41898095 #>>41902975 #
fngjdflmdflg ◴[20 Oct 24 17:47 UTC] No.41897130[source]
Do you have any examples?
replies(2): >>41897247 #>>41897614 #
soygem[dead post] ◴[20 Oct 24 18:04 UTC] No.41897247[source]
[flagged]
1. tylerchilds ◴[20 Oct 24 21:30 UTC] No.41898643[source]
the funny thing about the internet archive is that anyone else on this planet could do exactly what they are doing, but they consistently choose not to.

kiwifarms could spin up their own infrastructure, serve their own content for the world, but it turns out technology is a social problem more than a technical problem.

anyone that wants to stand up and be the digital backbone of “kiwi farms” can, but only the internet archive gets flack for not volunteering to be the literal kiwi farm.

for example, the pirate bay goes offline all the time, but it turns out the people that use it, care enough to keep it online themselves.