←back to thread

Internet Archive breached again through stolen access tokens

(www.bleepingcomputer.com)
492 points vladyslavfox | 1 comments | 20 Oct 24 15:00 UTC | HN request time: 0s | source
Show context
TheFreim ◴[20 Oct 24 15:24 UTC] No.41895901[source]
> "It's dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets," reads an email from the threat actor.

This is quite embarrassing. One of the first things you do when breached at this level is to rotate your keys. I seriously hope that they make some systemic changes, it seems that there were a variety of different bad security practices.

replies(5): >>41896145 #>>41896897 #>>41897646 #>>41897785 #>>41898493 #
ghostly_s ◴[20 Oct 24 17:15 UTC] No.41896897[source]
IA is in bad need of a leadership change. The content of the archive is immensely valuable (largely thanks to volunteers) but the decisions and priorities of the org have been far off base for years.
replies(5): >>41896940 #>>41897130 #>>41897333 #>>41898095 #>>41902975 #
echelon ◴[20 Oct 24 17:22 UTC] No.41896940[source]
I support archival of films, books, and music, but those items need to be write-only until copyright expires. The purpose of the Internet Archive is to achieve a wide-reaching, comprehensive archival, not provide easy and free read access to commercial works.

Website caches can be handled differently, but bulk collection of commercial works can't have this same public access treatment. It's crazy to think this wouldn't be a huge liability.

Battling for copyright changes is valiant, but orthogonal. And the IA by trying to do both puts its main charter--archival--at risk.

The IA should let some other entity fight for copyright changes.

I say this as an IA proponent and donor.

replies(3): >>41897051 #>>41897196 #>>41898502 #
absence5875 ◴[20 Oct 24 21:10 UTC] No.41898502[source]
> but bulk collection of commercial works can't have this same public access treatment

And it doesn't.

replies(1): >>41900689 #
1. echelon ◴[21 Oct 24 04:29 UTC] No.41900689{3}[source]
The Internet Archive Lending Library did. And there are music, movie, and video game ROMs found throughout the user uploads.

IA should collect these materials, but they shouldn't be playing fast and loose by letting everyone have access to them. That's essentially providing the same services as the Pirate Bay under the guise of archivism.

This puts IA at extreme legal risk. Their mission is too important to play such games.