Early this morning, I received an email from “The Internet Archive Team,” replying to a message I’d sent on October 9th. Except its author doesn’t seem to have been the digital archivists’ support team — it was apparently written by the hackers who breached the site earlier this month and who evidently maintain some level of access to its systems.
I’m not alone. Users on the Internet Archive subreddit are reporting getting the replies, as well. Here is the message I received:
It’s dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.
As demonstrated by this message, this includes a Zendesk token…
