Hours later, Brewster Kahle, group chairman at the Internet Archive confirmed the attack on X. “Sorry, but DDOS folks are back and knocked http://archive.org and http://openlibrary.org offline,” he said in the post. “@internetarchive is being cautious and prioritizing keeping data safe at the expense of service availability.”
In a follow-up post, however, Kahle said “DDoS fended-off for now.” It was done, he clarified, by disabling the affected JS library, scrubbing systems, and upgrading security.
Failed rotation led to the second hack
In the emails that users received on Sunday, the threat actor said the stolen tokens could still be used since Internet Archive has still not rotated them. This included “a ZenDesk token with permissions to access 800k+ support tickets sent to info@archive.org since 2018.”