Internet Archive breached again through stolen access tokens

Security Failures and Incident Response

  • Many commenters see two breaches in quick succession as evidence IA is a “soft target” with poor security hygiene.
  • Not rotating exposed API keys after the first breach is widely criticized as a basic failure.
  • Some note it’s hard for a small, volunteer-heavy org without a formal security team to “do all the first things” quickly.
  • Several urge IA to hire dedicated security staff; others argue even “industry standard” security is often just checkbox compliance and won’t stop all mistakes.

Leadership, Governance, and Mission Creep

  • Strong calls for leadership change; claims IA’s priorities (e.g., aggressive copyright fights) put its core archival mission at risk.
  • Others defend current leadership as one of the few willing to withstand constant legal peril and stay true to a human-centric mission.
  • Debate over whether IA should focus strictly on archiving or also act as a copyright reform activist. Some say activism endangers the archive; others see the two as inseparable.

Copyright, Access, and Libraries

  • Deep divide on IA’s lending of in-copyright books and hosting of media:
    • Critics say this is akin to Pirate Bay, creates huge legal liability, and distracts from preservation.
    • Supporters argue current copyright terms are effectively “forever” and exclude much of the world from knowledge; IA’s access is framed as a “Robin Hood” role.
  • Discussion of hiding vs. deleting archived pages for legal reasons; some argue IA mostly hides pages due to copyright but keeps copies for researchers.

Decentralization, Mirrors, and Resilience

  • Strong interest in decentralized or distributed backups (torrents, IPFS, Arweave, LOCKSS, Freenet/Hyphanet, ArchiveBox).
  • Repeated themes:
    • Hard to get enough volunteers to donate storage and bandwidth, especially for “boring” content.
    • Torrents are good for popular data, bad for long‑term reliability of obscure items.
    • IA’s existing torrents are often broken or stale; IPFS experiments described as slow and operationally painful.
  • Some propose user-friendly “donate X TB” systems; others argue volunteer storage is too unreliable for primary preservation but useful as a backup of IA itself.

Attackers’ Motives and Ethics

  • Motives of the breachers are unclear: theories range from “script kiddies” to political or state-linked actors, though the thread offers nothing conclusive.
  • Some condemn attacking a “library”; others see the attackers as forcing IA to fix dangerous negligence and treat this as a grim but useful wake-up call.