Connect with us

News

Internet Archive Hit by Data Breach and DDoS Attack

Published

on

Internet Archive Data Breach

On the afternoon of October 9, 2024, users visiting the website of The Internet Archive witnessed a suspicious pop-up message claiming that the site had been hacked. The message indicated that “31 million of you” had their details leaked, directing users to the Have I Been Pwned (HIBP) service to verify if their data had been compromised.

HIBP, a breach notification service operated by Troy Hunt, confirmed the validity of the breach to numerous outlets. Hunt received a file containing sensitive data from The Internet Archive’s user database, which included email addresses, screen names, timestamped password changes, Bcrypt-hashed passwords, among other pieces of information. This database was said to be 6.4GB in size and covered 31 million unique email accounts.

According to statements from Hunt, the Internet Archive had been informed of this security breach approximately three days before it was publicly disclosed, with Hunt planning to notify affected users via HIBP. “The data is authentic,” Hunt stated, citing confirmations from users whose details matched records in his breach notifications.

In a parallel incident, the Internet Archive became the target of a Distributed Denial-of-Service (DDoS) attack. The attack temporarily took the website offline, leaving only a placeholder page that informed visitors of the downtime and directed them to social media for updates.

Jason Scott, a notable figure at The Internet Archive, acknowledged the DDoS attack and described it as “chaotic,” while emphasizing that the perpetrators appeared to act without articulating any specific demands. Meanwhile, Brewster Kahley, another representative, confirmed that the DDoS attack occurred consecutively over two days.

The BlackMeta hacktivist group, through an account on X, claimed responsibility for the attack and hinted at further actions. The group has been associated with previous disruptions aimed at the Archive, as noted by Scott.

Despite the alarming breach and attack, The Internet Archive has yet to provide an official statement detailing how the breach occurred or addressing the potential impacts on its services and user data security.

Recent Posts