Internet Archive Hit by Cyberattack, Exposing 31 Million User Accounts
On October 9, 2024, the Internet Archive, renowned for its Wayback Machine, fell victim to a significant cyberattack. A group known as BlackMeta claimed responsibility, carrying out both a Distributed Denial-of-Service (DDoS) attack and a data breach that compromised the information of 31 million users. The breached data includes email addresses, usernames, and bcrypt-hashed passwords, which were uploaded to “Have I Been Pwned” (HIBP), a service that helps users identify whether their information has been compromised.
The attack began with a pop-up on the Internet Archive’s website, warning users of the breach. The hacker group responsible boasted about their success in disrupting the service for several hours and threatened further attacks. Troy Hunt, the founder of HIBP, confirmed that the stolen data was shared with him in a 6.4GB SQL file. He added that more than half of the breached accounts had already been registered with HIBP, facilitating the process of notifying affected users.
The Internet Archive responded quickly by disabling compromised systems, updating security measures, and conducting an internal investigation. Founder Brewster Kahle assured users that systems were being scrubbed and vulnerabilities addressed, including removing a malicious JavaScript library used in the attack.
This breach underscores the increasing threats faced by even non-profit institutions that provide valuable public services, emphasizing the importance of robust cybersecurity practices. Users are urged to change their passwords and enable two-factor authentication to protect their accounts.
This event highlights growing concerns over hacktivist groups targeting high-profile web services.
Here’s a breakdown of what happened:
Key Points:
Attack Details:
- A hacktivist group called BlackMeta claimed responsibility for the attack.
- The attack involved a Distributed Denial-of-Service (DDoS) attack and a data breach, impacting the personal information of 31 million users.
Compromised Data:
- Email addresses, usernames, and bcrypt-hashed passwords were stolen.
- The stolen data was shared with “Have I Been Pwned” (HIBP), a service that notifies users if their data has been exposed in a breach.
What Users Saw:
- A pop-up appeared on the Internet Archive website, alerting users that their data had been compromised.
Response from Internet Archive:
- Founder Brewster Kahle confirmed the attack and announced measures to disable vulnerable systems.
- The team is now working on upgrading security and removing a compromised JavaScript library.
What to Do:
- If you have an Internet Archive account, change your password immediately.
- Enable two-factor authentication (2FA) for added security.
Additional Info:
- The hacker group threatened more attacks, so users are advised to remain vigilant.
- Over half of the compromised accounts were already registered on HIBP, which will notify users directly.