Internet Archive hacked, 31 million user data leaked
by
The Internet Archive, which operates the Wayback Machine, an online archive that automatically archives content from the internet, has been hacked, and the data of over 31 million users has reportedly been stolen.
Internet Archive hacked, data breach impacts 31 million users
https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/
The Internet Archive is under attack, with a breach revealing info for 31 million accounts - The Verge
https://www.theverge.com/2024/10/9/24266419/internet-archive-ddos-attack-pop-up-message
The problem was discovered when the following JavaScript alert was displayed when accessing the Internet Archive on Wednesday, October 9, 2024. The JavaScript alert reads, 'Have you ever thought that the Internet Archive was unstable and could suffer a catastrophic security breach at any time? Well, it has happened now. See you, 31 million of you, at HIBP.'
The HIBP mentioned in the JavaScript alert is a service called ' Have I Been Pwned? ', which allows users to check if their personal information has been leaked. The official X (formerly Twitter) account of 'Have I Been Pwned?' stated, '31 million records of data were breached at the Internet Archive, including email addresses, names, and bcrypt-hashed passwords. 54% is already on Have I Been Pwned?'.
New breach: Internet Archive had 31M records breached last month including email address, screen name and bcrypt password hash. 54% were already in @haveibeenpwned . Read more: https://t.co/1d9Mxv97Ac
— Have I Been Pwned (@haveibeenpwned) October 9, 2024
Troy Hunt, operator of Have I Been Pwned?, told security news site BleepingComputer, 'In early October, attackers shared the Internet Archive's authentication database in a 6.4GB SQL file called ia_users.sql. The database contained email addresses, screen names, password change timestamps, and bcrypt hashed passwords.'
When BleepingComputer contacted the users who were actually registered in the database, they confirmed that the information shared was genuine. It is unclear at the time of writing how the Internet Archive was hacked and how the data was stolen.
In addition, the Internet Archive was hit by a DDoS attack in the early morning of October 9th, and Brewster Kahle, the operator of the Internet Archive, explained on X (formerly Twitter) that 'DDoS attacks on the Internet Archive were repeated today.'
Yesterday's DDOS attack on @internetarchive repeated today. We are working to bring https://t.co/Hk02WjumkL back online.
— Brewster Kahle (@brewster_kahle) October 9, 2024
The hacktivist group BlackMeta has admitted to this attack on X and has also revealed plans to launch additional attacks. However, it is unclear what BlackMeta's purpose is in attacking the Internet Archive.
The Internet archive has and is suffering from a devastating attack We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down.
— ?????????_???????????????????????????????????? (@Sn_darkmeta) October 9, 2024
Second round | New attack
09/10/2024 Duration 6 hours… pic.twitter.com/SL9lz4gSld
Related Posts:
in Security, Posted by log1i_yk