Understanding the Internet Archive Data Breach and DDoS Attacks: Essential Information You Should Have

Internet Archive Faces Major Data Breach and DDoS Attacks: What You Need to Know

The Internet Archive, a beloved digital library that has served as a repository of knowledge and history since its inception in 1996, has recently found itself at the center of a cybersecurity storm. A significant data breach has exposed the personal information of 31 million users, while the service has also been targeted by a series of Distributed Denial of Service (DDoS) attacks. This article delves into the details of these incidents, their implications, and what users should be aware of moving forward.

What Happened to the Internet Archive?

The Internet Archive’s flagship service, the Wayback Machine, has been compromised in a data breach that has left many users vulnerable. A threat actor gained unauthorized access to a user authentication database, which included 31 million unique records. Following the breach, visitors to the site were greeted with a JavaScript alert left by the hacker, taunting users about the Archive’s security vulnerabilities.

The alert read: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” This message not only highlighted the breach but also served as a grim reminder of the precarious state of digital security.

Data Available on Have I Been Pwned

The identity of the threat actors remains unknown, but the stolen authentication database was shared with security researcher Troy Hunt, the creator of the popular breach notification service, Have I Been Pwned (HIBP). After verifying the data, Hunt initiated a disclosure process with the Internet Archive, ensuring that affected users would be notified within 72 hours.

The compromised database, a 6.4GB SQL file named “ia_users.sql,” contains sensitive information, including 31 million unique email addresses, bcrypt-hashed passwords, screen names, and other personal data. The most recent timestamp in the database indicates that the breach likely occurred on September 28, 2024. However, the exact method of the breach remains unclear, raising concerns about the potential for further data exposure.

In light of this breach, users are encouraged to utilize tools like SOCRadar’s Breach Dataset module, which continuously monitors compromised datasets across the dark web. Such tools can help identify if any credentials have been leaked and provide insights into ongoing threat actor activities.

DDoS Attacks Targeting the Internet Archive

Just as the Internet Archive was grappling with the fallout from the data breach, it became the target of a series of DDoS attacks. The first wave of these attacks began on October 8, 2024, and was claimed by the hacking group BlackMeta the following day. While the group asserted that their attacks were politically motivated, they also boasted about the effectiveness of their efforts, claiming that the Archive’s systems were completely down for hours.

Who Is BlackMeta?

BlackMeta, a pro-Palestinian hacktivist group that emerged in late 2023, has previously targeted organizations in Israel, the United Arab Emirates, and the United States. Their motivations for attacking the Internet Archive stem from a belief that the organization is aligned with U.S. interests, particularly in the context of the ongoing Palestine-Israel conflict. Despite their claims, it is essential to note that the Internet Archive operates as a non-profit organization, independent of government influence.

The Breach’s Influence on the Hacker Landscape

The breach has sparked conversations among various hacker groups, with notable mentions on platforms like Telegram. LulzSec, another well-known hacking group, shared messages from DarkMeta regarding their successful DDoS attacks against the Archive. The attacks reportedly lasted several hours, causing significant disruption to the Archive’s services.

The Archive’s Response to Ongoing DDoS Attacks

In response to the DDoS attacks and the data breach, Brewster Kahle, the founder of the Internet Archive, took to social media to address the situation. He confirmed the ongoing DDoS attacks and outlined the Archive’s actions to mitigate the damage. Kahle noted that the Archive had successfully fended off the initial wave of attacks, which included the defacement of their website and the breach of user data.

To combat these threats, the Internet Archive disabled the compromised JavaScript library and began scrubbing its systems while upgrading security measures. However, Kahle later announced that the DDoS attacks had resumed, taking archive.org and openlibrary.org temporarily offline. The Archive is prioritizing the security of its data, even at the cost of service downtime.

Conclusion

The recent data breach and DDoS attacks on the Internet Archive serve as a stark reminder of the vulnerabilities that exist in our increasingly digital world. As the Archive works to secure its systems and restore services, users must remain vigilant about their personal information and take proactive steps to protect themselves. Utilizing breach notification services and monitoring tools can help mitigate the risks associated with such incidents.

As developments unfold, the Internet Archive will continue to provide updates on their efforts to enhance security and restore access to their invaluable resources. For now, users are encouraged to stay informed and take necessary precautions to safeguard their digital identities.
