Internet Archive Hacked: 31 Million User Accounts Breached Amid Cyberattack and DDoS Assault
The Internet Archive was hit by a major cyberattack leading to the breach of 31 million user accounts. The attack involved a DDoS assault and website defacement, prompting the site to go offline temporarily. Troy Hunt of Have I Been Pwned confirmed the legitimacy of the breach.
Internet Archive Hacked: 31 Million User Accounts Breached Amid Cyberattack and DDoS Assault
The Internet Archive (IA) suffered a significant cyberattack on Wednesday, resulting in a data breach affecting 31 million user accounts. The attack, confirmed by founder Brewster Kahle, involved a website defacement and a Distributed Denial-of-Service (DDoS) assault that rendered the site temporarily inaccessible. Visitors to the site encountered a pop-up message announcing the breach, referencing the data-checking service Have I Been Pwned (HIBP). The message declared, “31 million of you on HIBP!” highlighting the extent of the breach.
According to Troy Hunt, the operator of HIBP, the compromised data included email addresses, screen names, timestamps of password changes, and Bcrypt-hashed passwords. Hunt validated the breach by cross-referencing it with user accounts and confirmed that 54% of the affected accounts had been compromised in previous cyberattacks. Since October 6th, Hunt had been in communication with the Internet Archive regarding the breach and was preparing to load the data into HIBP to notify affected users when the website was defaced.
The cyberattack left the Internet Archive offline for several hours, displaying only a placeholder message indicating that services were temporarily unavailable. Kahle later confirmed that the IA had disabled the compromised JavaScript library used during the defacement, upgraded the website's security protocols, and initiated a thorough scrubbing of their systems.
Archivist Jason Scott noted on Mastodon that the DDoS attack appeared to have been executed without any clear motive or demands, describing it as purely malicious. An account on X (formerly Twitter) under the name SN_Blackmeta claimed responsibility for the attack and hinted at plans for additional assaults in the future. This account also boasted about conducting a similar DDoS attack on the Internet Archive in May.
Despite these ongoing security challenges, the Internet Archive is actively working to improve its defenses against potential future attacks. The full scope of the breach and its long-term implications for users and the Internet Archive itself remain under investigation.
Click Here to Visit
What's Your Reaction?
