On October 9, 2024, users visiting the Internet Archive's website encountered a pop-up message stating that the site had been hacked. The alert stated:
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
HIBP refers to the service Have I Been Pwned that allows people to check if their personal information has been compromised in data breaches. Brewster Kahle, founder of Internet Archive, confirmed the incident. The breach involved around 31 million user accounts.
The data breach involved sensitive information including email addresses, usernames, Bcrypt-hashed passwords, and even timestamps for password changes. Troy Hunt, the creator of HIBP, confirmed to BleepingComputer that the stolen data was legitimate, and added that over half of these accounts had previously been compromised in other breaches as well. The threat actor shared a 6.4GB database containing this information with Hunt before the Internet Archive publicly announced the incident. Bcrypt is a deliberately slow hashing scheme, which makes bulk offline cracking of the dump expensive, but it does not protect weak or reused passwords, so affected users should still treat the password as exposed.
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.
— Brewster Kahle (@brewster_kahle) October 10, 2024
In response to the attack, the Internet Archive temporarily shut down its services. Kahle also said on X that the organization disabled the compromised JavaScript library used during the attack and was working on enhancing its security measures. The Internet Archive is currently scrubbing its systems to prevent any further issues.
Alongside the data breach, the Internet Archive also faced several DDoS attacks. An account called SN_Blackmeta claimed responsibility for these DDoS attacks and said that another attack was on the way; that attack did follow, as Kahle confirmed. The same X account also claimed responsibility for the DDoS attacks against the Internet Archive in May 2024.
Neowin encourages Internet Archive users to change their passwords and monitor their accounts for any suspicious activity.