The Internet Archive, famed for its vast digital library and the Wayback Machine, is reeling from a significant cyberattack that has compromised the data of millions of users. The breach, which began with a malicious pop-up message on October 9, revealed alarming news about a security violation affecting 31 million accounts.
Visitors to the Internet Archive were met with a pop-up that read: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” This ominous message marked what is now considered one of the largest breaches in the organization’s history.
Prominent security researcher Troy Hunt, founder of Have I Been Pwned (HIBP), confirmed the breach. Hunt disclosed that the attack occurred in September, leading to the theft of 31 million email addresses, usernames, bcrypt password hashes, and other sensitive internal data. He first received the compromised data on September 30 and alerted the Internet Archive on October 6. Hunt noted the timing of the attack was particularly troubling, coinciding with ongoing denial-of-service (DDoS) attacks that made services like the Wayback Machine unavailable.
Brewster Kahle, the founder of the Internet Archive, shared updates on social media, stating, “What we know: DDOS attack — fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it.”
The hacktivist group known as SN_BlackMeta has claimed responsibility for the DDoS attacks, although their involvement in the actual data breach is not yet confirmed. This group is suspected of being behind other major cyber incidents this year, including an extended DDoS attack on a financial institution in the Middle East.
In a message on X (formerly Twitter), SN_BlackMeta stated, “The Internet Archive has and is suffering from a devastating attack. We have been launching several highly successful attacks for five long hours, and to this moment, all their systems are completely down.” They have hinted at more attacks, targeting the Internet Archive due to its connections to the U.S., which they accuse of supporting Israel.
As a result of this breach, the Internet Archive has exposed a staggering amount of user data, including 31 million unique email addresses and hashed passwords. While bcrypt is considered a strong encryption method, users are strongly advised to change their passwords, especially if they use the same passwords across different sites. Hunt reported that 54% of the compromised email addresses were already in the HIBP database due to prior breaches.
Bleeping Computer, which broke the news of the breach, confirmed the authenticity of the stolen data. Users who registered accounts with the Internet Archive have received notifications from HIBP about their compromised data.
The Internet Archive is grappling with these cyberattacks while facing legal troubles. Recently, they lost a major copyright lawsuit against several book publishers, which could result in damages exceeding $621 million if a pending case from music labels goes against them. Kahle expressed concern over both the ongoing legal battles and the cyberattacks, emphasizing the organization’s commitment to recovering from this crisis.
For users of the Internet Archive, the priority is to change passwords and be cautious about downloads or files from the site until it is confirmed that the breach has been resolved. Cybersecurity experts recommend avoiding any interactions with the Internet Archive until it is deemed secure again.
Despite these challenges, Kahle and his team are dedicated to enhancing security measures. He explained that “scrubbing systems” involves filtering out harmful traffic to safeguard against DDoS attacks.