internet archive restores access after breach

Archive Access

The Internet Archive has partially restored access to its website and services after suffering a distributed denial-of-service (DDoS) attack and a data breach that exposed 31 million user records. On October 9, visitors to archive.org encountered a JavaScript alert indicating that a hacker had compromised the website and stolen a user authentication database. The alert directed users to the “Have I Been Pwned” (HIBP) website, where the stolen data was shared.

Troy Hunt, the creator of HIBP, confirmed that the threat actor provided the Internet Archive’s authentication database nine days prior. The 6.4GB SQL file, named “ia_users.sql,” contains email addresses, screen names, password change timestamps, bcrypt-hashed passwords, and other internal data. The most recent timestamp on the records is September 28th, 2024, which is likely the date of the breach.

Hunt contacted affected users, including cybersecurity researcher Scott Helme, who verified the authenticity of the exposed data. Despite initiating a disclosure process with the Internet Archive, Hunt has not received a response. In addition to the data breach, the Internet Archive experienced a DDoS attack claimed by the hacktivist group BlackMeta, who also indicated plans for further attacks.

Restoring site functionality after attack

The connection between the data breach and the DDoS attacks remains unclear. Internet Archive founder Brewster Kahle confirmed the incidents, stating that the organization has disabled the compromised JavaScript library, is scrubbing systems, and upgrading security.

Additional attacks have taken the archive.org and openlibrary.org websites offline again. As of early Wednesday UTC, the Internet Archive website intermittently loaded different versions of the homepage, with some services remaining unavailable. Kahle announced that the Wayback Machine, responsible for preserving web page snapshots, is now “running strong” but noted that efforts are still underway to restore other archive items and services safely.

Network visibility firm Netscout reported that the DDoS attack lasted around three hours and twenty minutes, generating approximately five gigabits per second of traffic. The attack targeted three IP addresses used by the Archive and employed TCP RST floods and HTTPS application layer attacks. Netscout identified characteristics pointing to Mirai malware variants, likely originating from home entertainment and IoT devices in Korea, China, and Brazil.

The Internet Archive continues to prioritize the security of its digital collections while cautiously restoring its services. Kahle emphasized the organization’s focus on ensuring data safety, projecting that system enhancements and examinations will take days, not weeks.

Feeling stuck in self-doubt?

Stop trying to fix yourself and start embracing who you are. Join the free 7-day self-discovery challenge and learn how to transform negative emotions into personal growth.

Join Free Now

Picture of Becca Williams

Becca Williams

Becca Williams is a writer, editor, and small business owner. She writes a column for Smallbiztechnology.com and many more major media outlets.

RECENT ARTICLES

TRENDING AROUND THE WEB

Men who are uncomfortable with physical affection often had these 8 experiences when growing up

Men who are uncomfortable with physical affection often had these 8 experiences when growing up

Global English Editing

People who are so loyal they often stay in toxic relationships usually display these 8 traits, according to psychology

People who are so loyal they often stay in toxic relationships usually display these 8 traits, according to psychology

Global English Editing

If you really want to find the right person, let go of these 8 self-sabotaging behaviors

If you really want to find the right person, let go of these 8 self-sabotaging behaviors

Global English Editing

4 zodiac signs who struggle the most with self-doubt

4 zodiac signs who struggle the most with self-doubt

Baseline

7 subtle habits you probably don’t realize are holding you back in life

7 subtle habits you probably don’t realize are holding you back in life

Small Business Bonfire

If you genuinely want to find your soulmate one day, say goodbye to these 8 behaviors

If you genuinely want to find your soulmate one day, say goodbye to these 8 behaviors

Baseline