New Delhi: On Wednesday, the Internet Archive experienced a significant data breach, compromising the personal information of 31 million users. Email addresses, screen names, and encrypted passwords were exposed, leading cybersecurity experts to recommend that users update their passwords immediately. This breach has heightened concerns over data privacy and the security of the widely used digital library, best known for its Wayback Machine.
The breach, first detected on October 9, was caused by the exploitation of a JavaScript (JS) library on the Internet Archive’s website. A pop-up message on the site informed visitors about the incident, stating, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”—a reference to the service “Have I Been Pwned?” (HIBP), which helps users check if their information has been compromised.
The attackers provided cybersecurity experts with a database containing email addresses, screen names, and other internal data for 31 million users. Troy Hunt, founder of HIBP, confirmed receiving a 6.4 GB database file from the attackers and noted that over half of the compromised email addresses had appeared in previous breaches.
Brewster Kahle, founder of the Internet Archive, acknowledged the breach and ongoing Distributed Denial-of-Service (DDOS) attacks on the platform. In a post on X (formerly Twitter), he shared, “What we know: DDOS attack fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it.”
Despite attempts to mitigate the attack, the Internet Archive’s site and Wayback Machine have been intermittently inaccessible as the organization continues its efforts to secure its systems.
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
— Brewster Kahle (@brewster_kahle) October 10, 2024
What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.
A group called “SN_BlackMeta” claimed responsibility for the DDOS attack. The group, previously linked to cyberattacks on Middle Eastern financial institutions and associated with pro-Palestinian hacktivist movements, stated that their five-hour-long attack brought down the Internet Archive’s systems. They justified their actions by alleging that the Archive was connected to the USA, a claim countered by a community note pointing out the platform’s nonprofit status and its extensive resources on Palestine.