When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Internet Archive confirms data breach of over 31 million accounts, suffers many DDoS attacks

Internet Archive logo

On October 9, 2024, users visiting the Internet Archive's website encountered a pop-up message stating that the site had been hacked. The alert stated:

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”

HIBP refers to the service Have I Been Pwned that allows people to check if their personal information has been compromised in data breaches. Brewster Kahle, founder of Internet Archive, confirmed the incident. The breach involved around 31 million user accounts.

The data breach involved sensitive information including email addresses, usernames, Bcrypt-hashed passwords, and even timestamps for password changes. Troy Hunt, the creator of HIBP, confirmed that the stolen data was legit to BleepingComputer, and added that over half of these accounts had previously been compromised in other breaches as well. The threat actor shared a 6.4GB database containing this information with Hunt before the Internet Archive publicly announced the incident.

In response to the attack, the Internet Archive temporarily shut down its services. Kahle also said on X that the organization disabled the compromised JavaScript library used during the attack and was working on enhancing its security measures. The Internet Archive is currently scrubbing its systems to prevent any further issues.

Alongside the data breach, the Internet Archive also faced a few DDoS attacks. An account called SN_Blackmeta claimed responsibility for these DDoS attacks and said that another attack was on the way, which happened indeed, as confirmed by Kahle. The same X account also claimed responsibility for the DDoS attacks that happened in May this year.

Neowin encourages Internet Archive users to change their passwords and monitor their accounts for any suspicious activity.

Report a problem with article
X featured image
Next Article

Creators on X will now get paid based on Premium subscribers and not ads, as revenue dips

The Calendar Flyout app
Previous Article

Calendar Flyout 2.1 brings Google Calendar and Meet support to Windows 11's taskbar

Join the conversation!

Login or Sign Up to read and post a comment.

1 Comment - Add comment