The Internet Archive, home to the Wayback Machine and a vital digital repository of online history, is a target that many would hope remains safe from harm. Recent events have shaken that belief. Data breaches and cyberattacks are unfortunately common, but the intensity of the backlash against the hackers in this case, particularly on platforms like Twitter and Reddit, has been unprecedented. Some have even drawn parallels to the destruction of the Library of Alexandria.
So what exactly transpired? The details are still unfolding, but here’s what we currently know regarding the security breach. An alleged attack from the hacking group SN_Blackmeta has resulted in the theft of approximately 31 million usernames, emails, and passwords from the Internet Archive’s Wayback Machine. Reports, including those from Bleeping Computer, indicate that this breach likely took place on September 28, 2024.
Users first became aware of the breach when they encountered a pop-up message generated by a JavaScript library, declaring: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
The breach was substantiated by Troy Hunt, the founder of Have I Been Pwned, who informed Bleeping Computer that the hackers had disseminated the Internet Archive’s authentication database about nine days prior. This database consists of a 6.4GB SQL file titled “ia_users.sql.”
Other compromised data includes bcrypt-hashed passwords, timestamps of password changes, and various internal information. The timestamps indicate that the breach occurred in September. Efforts are underway to incorporate the stolen data into the HIBP website, allowing users to verify whether their information has been compromised. However, as of now, no official details have emerged regarding the method of the breach or whether additional data was at risk.
In a related incident, Brewster Kahle, the founder of the Internet Archive, confirmed that the site was also subjected to a Distributed Denial of Service (DDoS) attack. This type of attack overwhelms a site with excessive traffic to render it slow or entirely unresponsive. Kahle reported that the initial DDoS attack occurred on October 8, impacting archive.org, and was followed by a repeat attack on October 10.
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.
— Brewster Kahle (@brewster_kahle) October 10, 2024
The hackers have hinted that this breach may not be their last and that they plan to carry out more attacks. In summary, the Internet Archive is currently facing two distinct threats: a DDoS attack and a data breach. As of now, there is no confirmed link between the two incidents.
The latest official communication from the Internet Archive was issued earlier today, and the site remains inaccessible at archive.org.