Internet Archive Suffers Data Breach Amid DDoS Attack
The Internet Archive, a digital library and repository for internet content, experienced a significant security breach on Wednesday afternoon. The news of the breach was first reported by The Verge on October 9, 2024, after users visiting the website were confronted with a pop-up notification claiming the site had been hacked. The breach was confirmed by Brewster Kahle, the founder of the Internet Archive, who stated that the website suffered defacement through a compromised JavaScript library.
The notification read: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” This message referred to Have I Been Pwned (HIBP), a site that allows users to check if their personal information has been compromised in data breaches. HIBP operator Troy Hunt confirmed receiving a file nine days before the incident, containing “email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data” for 31 million unique email addresses. Hunt verified its legitimacy by matching data with a user’s account.
A report indicated that 54 percent of the compromised accounts were already listed in HIBP’s database from previous breaches. Troy Hunt disclosed updates on the situation, including his contact with the Internet Archive about the breach on October 6th and the subsequent steps taken towards disclosure.
Throughout the day, access to the Internet Archive was erratic. After dismissing the pop-up, the site would proceed to load, albeit slowly. As of 5:30 PM ET, the site was displaying a placeholder message indicating services were temporarily offline, and directing users to the Internet Archive’s blog for updates.
Jason Scott, an archivist at the Internet Archive, confirmed the organization was experiencing a Distributed Denial-of-Service (DDoS) attack. “According to their Twitter, they’re doing it just to do it. Just because they can. No statement, no idea, no demands,” Scott said regarding the attackers’ motives.
Late on Wednesday, Brewster Kahle announced measures being taken in response to the breach, which included disabling the vulnerable JavaScript library, increasing security measures, and scrubbing affected systems. Meanwhile, an account on the social media platform X, called SN_Blackmeta, claimed responsibility for the attack and hinted at additional actions targeting the Internet Archive. SN_Blackmeta had also previously claimed responsibility for a similar attack on the Archive in May.
The organization has been contacted for further comment and updates on the incident while it continues efforts to restore full functionality and secure user data.