At the end of this article, you will find explanations of the key technical terms used, such as DDoS attacks, access tokens, and phishing to help clarify the details of the breaches.
The Internet Archive has confirmed a third security breach on Oct. 20 in what has become a series of escalating cyberattacks. Hackers were able to exploit unrotated Zendesk API tokens to gain access to the platform that manages the archive's support tickets.
Despite previous warnings and multiple breaches earlier this month, the organization had not adequately secured the system, leaving the tokens vulnerable to continued exploitation. The attackers were still able to access and potentially download sensitive support data, including personal identification documents submitted by users.
This breach follows two major attacks earlier in October, which have compounded the damage to the organization’s infrastructure.