Internet Archive rocked by massive breach, more than 31 million users impacted.

October 20th, 2024
Internet Archive rocked by massive breach, more than 31 million users impacted.

A vast digital library in chaos, rows of server rackers glowing red with warning lights, sparks flying from damaged equipment, data streams fragmenting and dissolving into the air, a hooded figure lurking in the shadows, digital style, dramatic lighting.

The Internet Archive is reeling after its Wayback Machine was hit by a massive cyber attack, exposing 31 million users.

The vast data breach occurred after the hackers exploited the website, obtaining a user authentication database containing an array of user details and credentials.

An illicit JavaScript pop-up appeared on the Internet Archive on Wednesday, with the hackers boasting that a major incident had taken place.

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” read the alert.

HIBP refers to the Have I Been Pwned data breach notification portal created by Troy Hunt, who threat actors often share information with. The details of stolen data are then added to the service.

Later on Wednesday, the Internet Archive acknowledged the incident.

It was founded in 1996 and provides a digital library, with free access to collections of digitized materials including websites and software applications. The Wayback Machine has billions of archived web pages, with the organization eager to ensure that the digital record remains accessible for future generations.

Last month, Google confirmed it would add links to archived websites through the Wayback Machine.

Hunt claims more than half of the impacted accounts were breached previously

Hunt took to X to discuss

the huge data breach, providing further details.

He revealed the attack was carried out in September, and the database consisted of more than 31 million unique email addresses.

HIPB also stated 54 percent of the compromised accounts were already listed in its database from previous breaches.

The Internet Archive has had to contend with a series of distributed denial-of-service attacks (DDOS) which has occasionally disrupted its operations, in addition to the breach attempts.

Related video: The Wayback Machine returns in limited capacity after recent attacks (Straight Arrow News)

On Wednesday evening, Internet Archive founder

What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.

What we've done: Disabled the JS library, scrubbing systems, upgrading security.

Will share more as we know it.

— Brewster Kahle (@brewster_kahle) October 10, 2024 Brewster Kahle posted on X to provide a public update on the situation.

He wrote, "What we know: DDOS attack-fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we've done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it."

"Scrubbing systems" refers to services that offer protection from DDoS attacks by filtering malicious junk traffic so it can’t overrun and disrupt a website.

At the time of writing, the Internet Archive has not responded to requests for a comment from several media outlets.


Leave a comment!

Your email address will not be published. Required fields are marked *

Avoid losing your business to data loss. Get our FREE eBook to learn how.Download now
+ +