Going live with my weekly update in 10 minutes! Home in Australia Again; Muah[.]AI Image Prompt Nastiness; Internet Archive Hacked Thrice; National Public Data is Dead https://t.co/xp3CO3yfEK
— Troy Hunt (@troyhunt) October 11, 2024
The Internet Archive, a non-profit digital library known for its Wayback Machine web archiving tool, has suffered a major data breach. The breach exposed the personal information of 31 million users. The breach was discovered on Wednesday when visitors to archive.org were greeted with a JavaScript alert on the website.
The message mocked the Internet Archive’s security measures and announced the leaked data.
The data is safe.
Services are offline as we examine and strengthen them. Sorry, but needed. @internetarchive staff is working hard.
Estimated Timeline: days, not weeks.
Thank you for the offers of pizza (we are set).
— Brewster Kahle (@brewster_kahle) October 11, 2024
The message read, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened.”
The stolen database included email addresses, usernames, timestamps of password changes, and passwords encrypted using bcrypt.
Update: @internetarchive’s data has not been corrupted. Services are currently stopped to upgrade internal systems.
We are working to restore services as quickly and safely as possible.
Sorry for this disruption.
— Brewster Kahle (@brewster_kahle) October 10, 2024
The most recent timestamp on the stolen records is from September 28, 2024, which is likely when the data was compromised. Affected individuals will soon be able to find out if their information was exposed. Some people listed in the database, including cybersecurity researcher Scott Helme, verified that the details in the leaked data matched their own records stored securely in password managers.
The Internet Archive is an important resource for researchers, students, and the general public. It preserves billions of web pages, texts, audio recordings, and other valuable digital resources.
Internet Archive suffers major data breach
The cause of the breach is still unknown, but the incident coincides with a distributed denial-of-service (DDoS) attack on the Internet Archive website. The attack took archive.org and openlibrary.org offline and has been claimed by the SN_BlackMeta hacktivist group. The group announced on social media platform X that it had launched “highly successful attacks for five long hours” and vowed to continue its efforts.
The group is believed to be affiliated with the pro-Palestinian movement. While SN_BlackMeta has claimed responsibility for the DDoS attack, its direct involvement in the data breach is unclear. Internet Archive founder Brewster Kahle confirmed the data breach on social media and stated that the attackers used a compromised JavaScript library to display the message on the website.
He reassured users that the nonprofit is taking steps to address the situation, including disabling the compromised code, investigating the breach, and upgrading security measures. As a result, archive.org and openlibrary.org are currently offline. Jason Meller, VP of Product at 1Password, has warned users to exercise caution until the situation is resolved.
“Based on publicly available evidence, the site has been thoroughly compromised,” Meller said. “Given the severity of this breach and until they have had time to fully investigate, my strong recommendation is to avoid browsing or using any files obtained from the site until they have declared an ‘all clear’.”
The Internet Archive’s efforts to secure its platform are ongoing, and users are advised to remain vigilant and update their passwords as a precaution.
Feeling stuck in self-doubt?
Stop trying to fix yourself and start embracing who you are. Join the free 7-day self-discovery challenge and learn how to transform negative emotions into personal growth.
