) |
|
The Internet Archive, a renowned digital library and home to the Wayback Machine, has been victim to a significant cyberattack, exposing the personal data of millions of users. The breach, which came to light in early October, compromised 31 million user accounts, exposing email addresses, usernames, and encrypted passwords. This attack, alongside distributed denial-of-service (DDoS) attacks that temporarily took the site offline, marks one of the most substantial security breaches in the organization's history.
The attack began with a malicious JavaScript pop-up on October 9th, alerting visitors to the breach and directing them to Have I Been Pwned (HIBP), a website dedicated to informing users about data breaches. Security researcher Troy Hunt confirmed the breach, revealing that the incident occurred in September and involved the theft of 31 million email addresses, usernames, bcrypt password hashes, and other internal system data. Hunt received the stolen data on September 30th but didn't initially realize its significance. He reviewed the data on October 5th and immediately notified the Internet Archive, emphasizing the timing of the breach with the subsequent DDoS attacks.
The DDoS attacks, which temporarily disabled services like the Wayback Machine, have been claimed by the hacktivist group SNBlackMeta. While their role in the data breach remains unclear, SNBlackMeta is known for its involvement in other major cyberattacks, including a six-day DDoS assault on a Middle Eastern financial institution. Cybersecurity firm Radware has connected SNBlackMeta to a pro-Palestinian hacktivist movement, potentially influencing their choice to target the Internet Archive. SNBlackMeta has publicly stated their intention to continue targeting the Internet Archive due to its perceived ties to the United States.
The Internet Archive has been actively working to recover from the breach and subsequent attacks. The organization has disabled the malicious JavaScript library, scrubbed its systems to remove malicious traffic, and upgraded its security measures. Brewster Kahle, the founder of the Internet Archive, has acknowledged the challenges posed by both the legal battles and cyberattacks, emphasizing the organization's commitment to recovering from the incidents and continuing to provide free access to knowledge. Users of the Internet Archive are advised to change their passwords, especially if they reuse them on other platforms, and avoid downloads or interactions with files from the site until the breach is resolved and services are declared secure.
Source: Internet Archive hacked: How millions of passwords, emails were stolen in massive cyberattack