Internet Archive suffers major data breach and DDoS

Data of 31 million users exposed


The Internet Archive, a non-profit digital library best known for its "Wayback Machine" web archiving tool, has suffered a major data breach, exposing the personal information of 31 million users.

The breach came to light on Wednesday when visitors to archive[.]org were met with a JavaScript alert on the website.

The message taunted the Internet Archive's security measures and pointed to the leaked data on a service called "HIBP."

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!" the message stated.

HIBP, short for Have I Been Pwned, is a website created by security researcher Troy Hunt that allows users to check if their email addresses have been compromised in data breaches.

Hunt told BleepingComputer that the hackers shared a 6.4GB database with HIBP nine days ago.

The database (a SQL file named ia_users.sql) included email addresses, usernames, timestamps of password changes, and passwords hashed with bcrypt.

Hunt said the file contains 31 million unique email addresses. The most recent timestamp on the stolen records is from 28th September 2024, which is likely when the data was compromised.

The HIBP service will soon allow users to enter their email addresses and find out if their information was exposed.

Hunt said he contacted some individuals listed in the database, including cybersecurity researcher Scott Helme, who verified that the details in the leaked data matched his own records stored securely in a password manager.

A vital resource

The Internet Archive is a vital resource for researchers, students and the general public. It preserves billions of webpages, texts, audio recordings, and other valuable digital resources.

While the cause of the breach remains unknown, the incident coincides with a distributed denial-of-service (DDoS) attack on the Internet Archive website.

The attack, which took archive[.]org and openlibrary[.]org offline, has been claimed by the SN_BlackMeta hacktivist group.

The group said on X that it had launched "highly successful attacks for five long hours" and vowed to continue its efforts. The group is believed to be affiliated with the pro-Palestinian movement.

While SN_BlackMeta has claimed responsibility for the attack, its direct involvement in the data breach is unclear.

Internet Archive founder Brewster Kahle confirmed the data breach on the social media platform X.

Kahle stated that the attackers used a compromised JavaScript library to display the message on the website. He reassured users that the nonprofit is taking steps to address the situation, including disabling the compromised code, investigating the breach and upgrading security measures.

Archive[.]org and openlibrary[.]org are currently offline, suggesting that DDoS attacks are ongoing.

Jason Meller, VP of Product at 1Password, has warned users to exercise caution until the situation is resolved.

"Based on publicly available evidence, the site has been thoroughly compromised," Meller said.

"Given the severity of this breach and until they have had time to fully investigate, my strong recommendation is to avoid browsing or using any files obtained from the site until they have declared an 'all clear'."