The Internet Archive, a non-profit organisation focused on creating digital archives of websites and various media, has recently disclosed a security incident that has exposed over 31 million unique email addresses and user names.
On Wednesday, users accessing the site were confronted with an unexpected pop-up message. This message, apparently posted by the individual responsible for the breach, contained provocative language suggesting the vulnerability of the Internet Archive’s infrastructure and confirming the compromise of user data.
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” said the message.
The message referred to HIBP, likely alluding to ‘Have I Been Pwned,’ a well-known website that allows users to check if their personal information has been compromised in data breaches.
Soon after, HIBP confirmed the breach. According to their report, the compromised data included email addresses and user names of registered Internet Archives users, along with other sensitive information such as password change timestamps and Bcrypt-hashed passwords, reports Bleeping Computer.
According to cybersecurity researcher Troy Hunt, who operates HIBP, the hacker shared the stolen database nine days before the breach’s public disclosure. Hunt revealed that the compromised dataset, which amounts to 6.4 GB, contained critical information.
Notably, the most recent activity in the database dates back to September 28, 2024, indicating when the data was likely stolen.
The breach has raised alarms due to the scale and sensitivity of the information exposed. Hunt confirmed the legitimacy of the data by contacting users listed in the database, including cybersecurity experts.
As the Internet Archive continues to address the breach, a parallel distributed denial-of-service (DD0S) attack further complicates matters. On Wednesday, a hacktivist group called BlackMeta claimed responsibility for the DDoS attack but did not acknowledge involvement in the data breach.
Brewster Kahle, founder of Internet Archive, reassured users that the DDoS attack had been mitigated for the time being and the organisation had bolstered its security measures. However, Kahle hinted that more challenges could be on the horizon, indicating a potential escalation in the situation.
The organisation has disabled the JS library and updated its security measures.
The breach has yet to be fully explained, leaving questions about how the threat actor infiltrated the Internet Archive’s systems. There is also no confirmation of whether additional data beyond the user authentication database was accessed or stolen.
In the News: SharePoint, OneDrive, Dropbox are being used for financial fraud