The Internet Archive is the type of target you’d hope never gets exposed. The organization’s Wayback Machine is a digital archive of the internet, and thus, contains an absolute goldmine of data. Yet, here we are. Data breaches and hacks happen all the time, but I’ve never seen so much vitriol toward the hackers on Twitter and Reddit than with this incident. People are already comparing it to the burning of the library of Alexandria.
So, what happened? The situation is ongoing, but here’s what we know right now, starting with the data breach. Hacking group SN_Blackmeta allegedly stole 31 million emails, passwords, and usernames from the Internet Archive’s Wayback Machine in an attack that likely occurred on September 28, 2024, according to Bleeping Computer reports.
Users discovered the breach when the following pop-up message was displayed using a JavaScript library: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!.”
The breach was confirmed when Troy Hunt, the creator of Have I Been Pwned, told Bleeping Computer that the hackers shared the Internet Archives’ authentication database nine days ago. The database is a 6.4GB SQL file called “ia_users.sql.”
Other data stolen include Bcrypt-hashed passwords, password change time stamps, and other internal data. The latest time stamp gave the September date as the breach date. The stolen data should be added to the HIBP site so users can check if their data is compromised. So far, there is no official information on how the hackers stole the information or if any other data was compromised.
Separately, the Internet Archive owner, Brewster Khale, also confirmed a DDoS attack that brought the site down. A Distributed Denial of Service (DDoS) attack floods a website with malicious traffic to slow it or shut it down completely. According to Kahle, the first DDoS attack appears to have happened on October 8, taking archive.org down, only to have the same attack repeated on October 10.
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.
— Brewster Kahle (@brewster_kahle) October 10, 2024
The hackers have reportedly confirmed that this is not the only attack they will perform since they have confirmed additional attacks. To sum it up, the site is experiencing two types of attacks: DDoS and data breach, but right now, the two haven’t officially been linked.
The last official update from the Internet Archive was from early this morning, and archive.org remains down.
Related Posts
Acer reveals Veriton compact PC to tackle the Mac mini with AMD Ryzen and plenty of AI mojo
Acer is making a direct play in that space with the Veriton RA110 AI Mini Workstation, a compact desktop that runs on AMD's Ryzen AI Max+ 395 processor, aimed at the same desk-bound professional who wants power without the tower.
Acer’s Swift Air 14 is a peppy MacBook Neo rival with some cool upgrades and a $699 ask
At a time when even mainstream laptops are creeping toward four-figure price tags, Acer’s latest machine feels refreshingly straightforward. It’s aimed at students, remote workers, and anyone who wants a laptop that looks and feels expensive without draining their bank account. The Swift Air 14 is powered by Intel’s new Core Series 3 processors and delivers up to 19 hours of battery life. That’s the sort of endurance that could realistically get many users through a full workday and beyond without scrambling for a charger.
Google Drive can now batch-scan your documents and spare you a few other frustrations, too
Well, Google Drive's new document scanner redesign fixes all three problems at once. Announced by Sameer Samat, the President of Android Ecosystem at Google, the feature is now rolling out for Android users.