Skip to main content

Internet ArchiveSuffered data breach exposing 31 million user records due to unsecured authentication tokens

In October 2024, Internet Archive suffered a significant data breach affecting 31 million users. Attackers exploited unsecured Zendesk API tokens that had been accessible in a GitLab repository for nearly two years. Exposed data included email addresses, screen names, and bcrypt password hashes. A second breach occurred via unrotated tokens after the initial attack.

Scoring Impact

TopicDirectionRelevanceContribution
Data Security-againstprimary-1.00
Overall incident score =-0.443

Score = avg(topic contributions) × significance (high ×1.5) × confidence (0.59)× agency (negligent ×0.5)

Evidence (1 signal)

Confirms Policy Change Oct 9, 2024 verified

Suffered data breach exposing 31 million user records due to unsecured authentication tokens

In October 2024, Internet Archive suffered a significant data breach affecting 31 million users. Attackers exploited unsecured Zendesk API tokens that had been accessible in a GitLab repository for nearly two years. Exposed data included email addresses, screen names, and bcrypt password hashes. A second breach occurred via unrotated tokens after the initial attack.

NPR(opens in new tab),BleepingComputer(opens in new tab)

Related: Same Topics

Flutterwave · Lost ₦11 billion ($7M+) in security breach as perpetrators illegally transferred funds
Computacenter · Allegedly fired manager who reported Deutsche Bank security breach
LY Corporation · Suffered major data breach affecting 520,000 users due to shared infrastructure with Korean parent
ByteDance · China-based ByteDance employees repeatedly accessed nonpublic data of US TikTok users
Coinbase · Insider data breach exposed 69,461 customers' sensitive data, costing $355+ million