The Internet Archive breach has resulted in the exposure of 31 million user accounts, leaving many concerned about the security of their personal information. The breach was first revealed on Wednesday when visitors to the Internet Archive site encountered a pop-up warning about the attack.
The message referred users to Have I Been Pwned (HIBP), a platform where individuals can check if their information has been compromised in data leaks. HIBP’s operator, Troy Hunt, confirmed that he received a file containing data from the Internet Archive breach, which included email addresses, screen names, and bcrypt-hashed passwords.
This cyberattack coincided with a Distributed Denial of Service (DDoS) attack, which further disrupted the Internet Archive’s services. As a result, the site briefly went offline, with visitors encountering a message stating that its services were temporarily unavailable.
Let me share more on the chronology of this:
30 Sep: Someone sends me the breach, but I'm travelling and didn't realise the significance
5 Oct: I get a chance to look at it – whoa!
6 Oct: I get in contact with someone at IA and send the data, advising it's our goal to load…
— Troy Hunt (@troyhunt) October 9, 2024
Timeline of the Internet Archive breach
The Internet Archive breach was uncovered when HIBP received and validated a file containing sensitive data from the archive’s users. Hunt cross-checked the data and notified the Internet Archive about the breach on October 6th. While the Archive was in the process of handling the situation, the site was also hit by a DDoS attack, slowing down its operations and making it difficult for users to access the platform.
Jason Scott, an archivist at the Internet Archive, noted on Mastodon that the attackers didn’t make any specific demands. The group behind the breach seemed more focused on causing disruption, with no clear motive for the attack.

Security measures following the Internet Archive breach
Brewster Kahle, founder of the Internet Archive, confirmed the breach and outlined the immediate steps taken to secure the platform. The Internet Archive team disabled the compromised JavaScript library that was used to deface the site and upgraded its overall security measures. Kahle also hinted that more attacks could be on the horizon, given the aggressive nature of the hackers.
An X account called SN_Blackmeta claimed responsibility for the DDoS attack and the Internet Archive breach, and even suggested that more attacks were planned. This group had previously targeted the Internet Archive in May, indicating a pattern of recurring disruption attempts aimed at the platform.
The Internet Archive has and is suffering from a devastating attack. We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down.
second round | New attack
09/10/2024 Duration 6 hours… pic.twitter.com/SL9lz4gSld
— 𝐒𝐍_𝐁𝐋𝐀𝐂𝐊𝐌𝐄𝐓𝐀 (@Sn_darkmeta) October 9, 2024
The aftermath of Internet Archive data breach
One of the most concerning aspects of the Internet Archive breach is that 54% of the affected accounts were already compromised in previous data breaches, according to HIBP. This raises the risk of further security threats for users who may have reused passwords across multiple platforms.
Even though the Internet Archive is back online, the platform continues to work on improving its security and restoring full functionality.
Users are advised to follow the Internet Archive’s official X account for updates on the recovery process.
Is it safe to use the Internet Archive?
Using the Internet Archive can still be considered relatively safe, but there are important factors to keep in mind, especially in light of recent security incidents like the Internet Archive breach.
Following the breach, the Internet Archive has taken steps to enhance its security. It disabled the compromised JavaScript library and upgraded its overall security measures to prevent future incidents. If you have an account with the Internet Archive, it’s crucial to change your password immediately, especially if you reuse passwords across multiple platforms. Using a unique, strong password for each account is a good practice.
The breach involved the exposure of personal information, including email addresses, screen names, and bcrypt-hashed passwords. If your account information was part of the breach, it’s wise to monitor your email and accounts for any suspicious activity.
Featured image credit: Emre Çıtak/Ideogram AI