Going live with my weekly update in 10 minutes! Home in Australia Again; Muah[.]AI Image Prompt Nastiness; Internet Archive Hacked Thrice; National Public Data is Dead https://t.co/xp3CO3yfEK
— Troy Hunt (@troyhunt) October 11, 2024
The Internet Archive, a nonprofit digital library known for its Wayback Machine service, has suffered a significant data breach and ongoing DDoS attacks. The incident, claimed by a pro-Palestinian hacktivist group called SN_BlackMeta, has compromised the personal information of 31 million users. Visitors to the Internet Archive’s website were greeted with a pop-up message indicating that the site had been hacked.
The data is safe.
Services are offline as we examine and strengthen them. Sorry, but needed. @internetarchive staff is working hard.
Estimated Timeline: days, not weeks.
Thank you for the offers of pizza (we are set).
— Brewster Kahle (@brewster_kahle) October 11, 2024
The message read, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
Update: @internetarchive’s data has not been corrupted. Services are currently stopped to upgrade internal systems.
We are working to restore services as quickly and safely as possible.
Sorry for this disruption.
— Brewster Kahle (@brewster_kahle) October 10, 2024
Troy Hunt, founder of the data breach notification service Have I Been Pwned (HIBP), confirmed receiving a database containing email addresses, screen names, bcrypt-hashed passwords, and other internal data for 31 million unique email addresses associated with the Internet Archive.
Hunt mentioned that 54 percent of the compromised email addresses were already present in the HIBP database from previous breaches. Brewster Kahle, founder and digital librarian of the Internet Archive, acknowledged the breach and ongoing DDoS attacks in a post on X (formerly Twitter). He stated, “What we know: DDoS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
Internet Archive breach affects millions
What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it.”
The compromised data appears to have been obtained through the exploitation of a JavaScript library used by the Internet Archive, which allowed the attacker to deface the website and display the pop-up message.
The leaked database, a 6.4GB SQL file named “ia_users.sql,” contained records up to September 28, 2024, suggesting the breach occurred around that time. Cybersecurity experts have advised users to change their passwords and avoid using any files from the site until it is declared safe. Jason Meller, VP of Product at 1Password, commented, “Based on publicly available evidence, the site has been thoroughly compromised.
Their database has been exfiltrated, indicating that the back-end infrastructure was accessible, and their pages have been defaced, suggesting that the attackers have some degree of control over the web content served to users.”
The Internet Archive, founded in 1996, aims to provide “universal access to all knowledge” and houses billions of webpages, texts, audio recordings, videos, and software applications. Its most-used service is the Wayback Machine, which allows users to browse archived versions of websites. Due to the ongoing DDoS attacks, the Internet Archive’s website is experiencing significant downtime, with services being temporarily offline.
The organization has directed users to its social media accounts for updates on the situation.
