The Internet Archive is the type of target you’d hope never gets exposed. The organization’s Wayback Machine is a digital archive of the internet, and thus, contains an absolute goldmine of data. Yet, here we are. Data breaches and hacks happen all the time, but I’ve never seen so much vitriol toward the hackers on Twitter and Reddit than with this incident. People are already comparing it to the burning of the library of Alexandria.
So, what happened? The situation is ongoing, but here’s what we know right now, starting with the data breach. Hacking group SN_Blackmeta allegedly stole 31 million emails, passwords, and usernames from the Internet Archive’s Wayback Machine in an attack that likely occurred on September 28, 2024, according to Bleeping Computer reports.
Users discovered the breach when the following pop-up message was displayed using a JavaScript library: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!.”
The breach was confirmed when Troy Hunt, the creator of Have I Been Pwned, told Bleeping Computer that the hackers shared the Internet Archives’ authentication database nine days ago. The database is a 6.4GB SQL file called “ia_users.sql.”
Other data stolen include Bcrypt-hashed passwords, password change time stamps, and other internal data. The latest time stamp gave the September date as the breach date. The stolen data should be added to the HIBP site so users can check if their data is compromised. So far, there is no official information on how the hackers stole the information or if any other data was compromised.
Separately, the Internet Archive owner, Brewster Khale, also confirmed a DDoS attack that brought the site down. A Distributed Denial of Service (DDoS) attack floods a website with malicious traffic to slow it or shut it down completely. According to Kahle, the first DDoS attack appears to have happened on October 8, taking archive.org down, only to have the same attack repeated on October 10.
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.
— Brewster Kahle (@brewster_kahle) October 10, 2024
The hackers have reportedly confirmed that this is not the only attack they will perform since they have confirmed additional attacks. To sum it up, the site is experiencing two types of attacks: DDoS and data breach, but right now, the two haven’t officially been linked.
The last official update from the Internet Archive was from early this morning, and archive.org remains down.