Internet Archive hacked, sensitive data of 31 million users exposed

[Innovabble]

 

In a major cybersecurity breach, the Internet Archive—a prominent non-profit digital library famous for its Wayback Machine—was hit by a series of large-scale Distributed Denial of Service (DDoS) attacks. The attacks, which started earlier this week, temporarily took the site offline, alarming users with a concerning message about a massive data breach.

The message, displayed on the Archive’s main website, web.archive.org, ominously read: 'Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!' This cryptic note directed users to 'Have I Been Pwned' (HIBP), a well-known platform that tracks data breaches and informs users if their information has been compromised.

A tweet from HIBP revealed that around 54% of the exposed accounts had already been flagged in previous breaches. HIBP’s founder, security researcher Troy Hunt, shared that he had been in touch with the Internet Archive since October 6th to help coordinate the disclosure of the breach. Ironically, while the site was in the process of uploading the breach data to HIBP to alert users, it was defaced and bombarded with a DDoS attack.

The breach exposed sensitive data from 31 million user accounts, including email addresses, screen names, and password hashes protected by bcrypt encryption. Brewster Kahle, founder of the Internet Archive, confirmed that hackers exploited a vulnerability in one of the site’s JavaScript libraries to carry out the attack. The compromised library has since been disabled, and the Archive is now working to bolster its security measures.

The hacking group behind the attack appears to be Russia-based 'SN_BLACKMETA,' which claimed responsibility through an account on the platform X (formerly Twitter). The group had previously bragged about launching a DDoS attack on the Internet Archive in May and has a history of targeting the Archive’s services.

While the timing of the DDoS attack coincided with the breach disclosure, Troy Hunt suggested it was likely a coincidence, indicating the possibility of multiple parties being involved. “It’s clearly not just one attack,” Hunt noted, emphasizing that the overlapping events might point to separate actors.

In response, the Internet Archive is working diligently to restore full functionality while reassuring users of their data’s safety. As a precaution, users with accounts on the platform are urged to update their passwords and remain vigilant.

 

This incident serves as a reminder of the persistent threat of cyberattacks and highlights the critical need for strong cybersecurity practices to protect both digital infrastructure and user data.

 

• https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/
• https://www.theverge.com/2024/10/9/24266419/internet-archive-ddos-attack-pop-up-message
• https://www.pcmag.com/news/hacker-defaces-internet-archive-claims-it-suffered-a-breach

 

Image: Transversospinales | Dreamstime.com