Massive hack hits Internet Archive, compromising millions of user accounts

Prospective: Who doesn’t love the Wayback Machine? Apparently, its respected status on the Internet has not deterred hackers, who recently stole the data of 31 million users. This incident is a reminder of the ongoing challenges of maintaining cybersecurity.

The Internet Archive, a nonprofit digital library that preserves Internet history and hosts the beloved Wayback Machine, suffered a major data breach affecting 31 million users. The incident came to light when visitors to the site encountered an unauthorized JavaScript pop-up message claiming that a “catastrophic security breach” had occurred.

Troy Hunt, founder of data breach notification service Have I Been Pwned (HIBP), confirmed the authenticity of the breach. The stolen data includes email addresses, usernames, password hashes and other system information. Hunt received the 6.4 GB database containing 31 million unique records from the hacker and plans to add it to HIBP, which will allow users to check whether their information has been compromised.

Hello friends, yes, I am aware of this. I have been in communication with the Internet Archive over the past few days regarding the data breach. I didn’t know the site had been defaced until people started pointing it out to me just now. More soon. https://t.co/uRROXX1CF9

– Troy Hunt (@troyhunt) October 9, 2024

In addition to the data breach, the Internet Archive has been grappling with a series of distributed denial of service (DDoS) attacks, disrupting its services. In response, Brewster Kahle, founder of the Internet Archive and current digital librarian, said they were actively strengthening their defenses to provide more reliable access to their collections.

Kahle addressed the security incidents in a public update. It confirmed the DDoS attack, website defacement via JavaScript library, and user data breach. As a countermeasure, the organization has disabled the compromised JavaScript library and is currently improving its security measures.

Hacktivist group BlackMeta claimed responsibility for the DDoS attacks and threatened further action against the digital library. However, the perpetrator of the data breach remains unknown.

This security incident comes at a difficult time for the Internet Archive, which is already facing legal battles. The organization recently lost an appeal in a copyright lawsuit brought by book publishers and now faces another potentially devastating lawsuit from music labels. Last June, the online library was forced to remove around 500,000 titles from its collection, which IA described as a “devastating loss” for readers who rely on the platform to access otherwise hard-to-find books.

This latest breach has heightened concerns about the security of nonprofit organizations that provide valuable online services. Many users and cybersecurity experts have sympathized with the Internet Archive, recognizing its importance as a digital repository. In fact, according to a recent study by the Pew Research Center, around 25% of web pages published between 2013 and 2023 have already disappeared. For older content, this trend is even more marked. Some 38% of web pages that existed in 2013 are unavailable today, compared to 8% in 2023.

As the situation evolves, Internet Archive users are advised to change their passwords and remain vigilant for possible phishing attempts or unauthorized access to their accounts.

Title: John Blyberg