The Internet Archive recently suffered a data breach that exposed the information of millions of users. Attackers not only accessed email addresses and encrypted passwords but also launched DDoS attacks and defaced the website through its JavaScript [1].
To protect users, the Archive team took the site offline temporarily to mend security issues and strengthen protection.
Here’s what happened.
Wayback Machine Breach
On October 9, the Internet Archive’s popular tool, the Wayback Machine, experienced a data breach that compromised its user authentication database. The breach exposed 31 million records, putting user information at risk.
The Wayback Machine is a digital time capsule that lets you view archived versions of websites. It’s a trusted tool for people who want to explore how websites looked in the past or retrieve lost content. However, with this breach, the website’s security was compromised, leading to concerns about data privacy for its many users.
News of the incident spread quickly when visitors to the Internet Archive’s site, archive.org, saw a message created by the threat actor. This message, appearing as a JavaScript alert, warned users that the site had been breached.
Here’s What Happened
The recent cyberattacks on the Internet Archive first appeared in late September. The threat actor sent Troy Hunt, who runs the “Have I Been Pwned” service, a file stolen from the Internet Archive. After reviewing it, Hunt confirmed that the file contains over 31 million records from Internet Archive users.
The stolen database, a 6.4GB file called “ia_users.sql,” includes key user details like email addresses, screen names, Bcrypt-hashed passwords, timestamps for password changes, and other internal information for registered members.
The breach comes just after the Internet Archive was hit with a Distributed Denial-of-Service (DDoS) attack, claimed by the alleged pro-Palestinian group SN_Blackmeta, which has also warned of further attacks.
If you have an Internet Archive account, it’s a good idea to check Have I Been Pwned (HIBP) to see if your data was exposed, change your password, and watch for suspicious activity.
Three Major Issues
On October 10, 2024, Internet Archive founder Brewster Kahle shared details of the recent data breach, explaining that the hacker used a JavaScript library to display alerts to website visitors. Kahle noted that they’ve dealt with three major issues so far: a DDoS attack (now temporarily under control), website defacement through the JavaScript library, and the exposure of usernames, emails, and encrypted passwords.
In response, the team has disabled the compromised JavaScript, cleaned their systems, and begun strengthening security. However, a new wave of DDoS attacks has since taken archive.org and openlibrary.org offline again.
Breached Again
The data breach and the DDoS attacks were not related. On October 20, 2024, the Internet Archive confirmed a third security breach. As the Internet Archive gradually returns to read-only mode, the unnamed threat actor responsible for the initial data breach that exposed 31 million users (not SN_Blackmeta) found a way into the archive’s systems when they discovered exposed GitLab authentication tokens on one of the archive’s servers, giving them access since at least December 2022.
The threat actor, who contacted BleepingComputer, clarified that the breach wasn’t politically or financially motivated—it happened simply because the vulnerability was there.
Meanwhile, rumors swirled online, with some speculating that governments or corporations were behind the attack due to past copyright disputes with the Internet Archive. But it turns out, this breach was about opportunity, not a larger agenda.
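The third breach above began with GitLab authentication tokens left readable on a server. As an added example (not from the Internet Archive or the original article), this Python scanner walks a directory tree and reports GitLab personal access tokens and credentials embedded in Git remote URLs, with values redacted; the token body length, the size limit, and every sample host, user and token are assumptions.

```python
import re
import tempfile
from pathlib import Path

# GitLab personal access tokens start with "glpat-"; the 20+ char body is an assumed minimum.
PAT_RE = re.compile(r"\bglpat-[0-9A-Za-z_-]{20,}")
# Credentials embedded in a remote URL, as found in .git/config or CI files.
URL_CRED_RE = re.compile(r"https?://([^\s/:@]+):([^\s/@]+)@([^\s/]+)")
MAX_BYTES = 1_000_000  # assumed limit: skip large files such as packed objects


def redact(secret: str) -> str:
    return secret[:8] + "..." if len(secret) > 8 else "***"


def scan_tree(root: Path) -> list[tuple[str, int, str, str]]:
    """Return (relative path, line number, kind, redacted value) findings."""
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.stat().st_size > MAX_BYTES:
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for m in PAT_RE.finditer(line):
                findings.append((rel, lineno, "gitlab-pat", redact(m.group())))
            for m in URL_CRED_RE.finditer(line):
                if not PAT_RE.search(m.group(2)):  # a PAT in the URL is already reported
                    findings.append((rel, lineno, "url-credential",
                                     f"{m.group(1)}:{redact(m.group(2))}@{m.group(3)}"))
    return findings


def demo() -> list[tuple[str, int, str, str]]:
    """Scan a constructed tree; host, user and token values are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app" / ".git").mkdir(parents=True)
        (root / "app" / ".git" / "config").write_text(
            '[remote "origin"]\n'
            "\turl = https://deploy:hunter2hunter2@gitlab.example.org/team/app.git\n")
        (root / "app" / "deploy.env").write_text(
            "# constructed sample\nGITLAB_TOKEN=glpat-" + "A1b2C3d4E5" * 2 + "\n")
        (root / "app" / "README.md").write_text("See https://gitlab.example.org/help\n")
        return scan_tree(root)


if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

Any finding on a real host should be treated as a compromised credential: revoke and reissue the token rather than only deleting the file.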
To date: The Internet Archive, and its Wayback Machine engine, are now up and running.
*All screenshots provided by the 2Secure Corp Team
FAQ
Was The Internet Archive Hacked?
Yes, the Internet Archive was hacked. Different threat actors have gotten into their systems through DDoS attacks, accessing user data, like emails and encrypted passwords, and finding exposed authentication tokens. The Internet Archive is resolving this issue and improving its security, so you may want to update your password if you have an account.
Can DDoS Cause Data Breach?
A DDoS attack alone doesn’t cause a data breach. A DDoS attack floods a website with traffic to make it crash, but it doesn’t access or steal data. However, it can be a distraction, allowing hackers to try other methods to get into the system and possibly cause a data breach.
How To Protect From Data Breaches & DDoS Attacks?
To protect against data breaches and DDoS attacks, use strong endpoint protection on all your devices. Endpoint protection helps by blocking and filtering unwanted traffic, detecting dubious activity, and keeping attackers from finding vulnerabilities. 2Secure also recommends patching your systems, using multi-factor authentication (MFA) for your accounts, and setting a backup and recovery plan, just in case.
Source:
- Kahle, B. (2024, October 18). Internet Archive Services Update: 2024-10-17. Archive.org. https://blog.archive.org/2024/10/18/internet-archive-services-update-2024-10-17/