Internet Archive Breached Again: Zendesk Tokens Exploited in Mass Email Campaign

The Internet Archive has once again found itself at the center of a cyber incident. Malicious actors claimed to have gained access to Zendesk tokens—the customer support platform utilized by the Archive to handle inquiries—and used them to conduct a mass email campaign.

On Sunday, users who had interacted with the Internet Archive via Zendesk received emails in which the attackers alleged that they had compromised the access tokens. Reporters at The Register also received such an email following a request for comment.

The authors of the email criticized the Archive for failing to replace compromised API keys two weeks after they were exposed in a GitLab repository. According to the email, the Zendesk token allowed the attackers to access 800,000 user inquiries sent to info@archive.org since 2018. The hackers emphasized that the data had fallen into unauthorized hands and suggested that if they hadn’t obtained it, someone else would have.

It remains unclear whether this incident is linked to the previous attack on the Internet Archive’s website, during which intruders temporarily altered its content and accused the organization of weak data protection. Numerous reports on social media also indicate similar emails being received, further confirming the scale of the incident.

At the time of publication, neither the Internet Archive’s social media channels nor its blog offered any official comments. Previously, the organization sent out an apology email and a request for donations to aid in its recovery following the cyberattack, emphasizing the importance of user and community support.

Amidst these developments, many users have begun questioning whether the Internet Archive can still be trusted with their personal information, including credit card details.