The Internet Archive, a nonprofit digital library known for its Wayback Machine, has suffered a significant data breach compromising the user authentication database containing records of 31 million unique users. The breach was publicly revealed on Wednesday when visitors to archive.org were greeted with a JavaScript alert crafted by the hacker, declaring the security breach and referencing the breach notification service Have I Been Pwned (HIBP). Troy Hunt, the creator of HIBP, confirmed receiving the Internet Archive’s authentication database, a substantial 6.4GB SQL file containing sensitive information such as email addresses, screen names, password change timestamps, bcrypt-hashed passwords, and other internal data.
The most recent timestamp found was September 28, 2024, indicating when the database might have been stolen. Hunt verified the authenticity of the data by contacting several users listed in the leak, including cybersecurity researcher Scott Helme, who confirmed that the bcrypt-hashed password matched the one stored in his password manager. Hunt began the disclosure process with the Internet Archive three days before making the data public on HIBP, but as of now, he has not received a response from the organization.
Following the breach, the Internet Archive came under a DDoS attack claimed by the BlackMeta hacktivist group, who announced further intentions to target the site. However, it is not implied that the DDoS attacks are directly linked to the initial data breach. Internet Archive founder Brewster Kahle acknowledged the breach and specified that the hacker exploited a JavaScript library to display alerts to users.
Kahle tweeted about the actions taken, including disabling the JS library, scrubbing systems, and upgrading security measures.
User data compromised in breach
Despite their efforts, continued DDoS attacks have intermittently taken archive.org and openlibrary.org offline.
As of October 20, 2024, the Internet Archive faced another attack, this time affecting their Zendesk support email system. The specifics of these subsequent attacks and their connections to the initial breach are still under investigation. The Internet Archive, based in San Francisco, provides free access to an extensive collection of digitized websites, software applications, and print materials.
The organization has assured users that its large repository of archival material is safe despite the breach. Kahle highlighted the escalation of cyberattacks on libraries and expressed hope that such incidents are not becoming a trend. The Internet Archive experienced its first attack in May since its founding in 1996, leading to intermittent outages.
The nonprofit organization is also contending with legal challenges over its digitization efforts, with potential fines threatening its operations. The Internet Archive has been contacted for further details on the recent breach and its impact on users. This breach underscores the significant threats faced by online repositories and the need for robust cybersecurity measures to protect critical digital resources and user data.
The attacks come at a time when the Internet Archive’s services are crucial for maintaining a record of information, especially in the context of the upcoming election and the need to combat disinformation.