Internet Archive Suffers Major Data Breach and DDoS Attack


The Internet Archive, a non-profit digital library known for its Wayback Machine service, has fallen victim to a significant cyberattack, resulting in a data breach affecting 31 million users and prolonged website outages due to distributed denial-of-service (DDoS) attacks[1][2].

The Data Breach

On October 9, 2024, news of the breach began circulating after visitors to archive.org noticed a JavaScript alert created by the hacker, announcing that the Internet Archive had been compromised[2]. Troy Hunt, the administrator of the Have I Been Pwned (HIBP) data breach notification service, confirmed that he received a 6.4GB SQL file containing the stolen user data approximately nine days prior to the public disclosure[1][2].

The compromised database includes:

  • Email addresses
  • Screen names
  • Bcrypt-hashed passwords
  • Password change timestamps
  • Other internal data

While the use of Bcrypt hashing provides some protection, the strength of individual passwords will determine how difficult they are to crack[3].

DDoS Attacks and Website Defacement

In addition to the data breach, the Internet Archive has been suffering from sustained DDoS attacks, causing significant downtime for both archive.org and the Wayback Machine[1][4]. The website was also briefly defaced, with the hacker displaying a pop-up message announcing the breach[5].

Internet Archive founder Brewster Kahle confirmed that the organization has been battling these attacks, stating that they have been working to restore services[5]. Jason Scott, an archivist at the Internet Archive, mentioned that the site had been offline for hours due to the DDoS attacks[5].

Alleged Perpetrators

The identity of the hackers responsible for the data breach remains unknown. However, a group calling themselves "SN_Blackmeta" has claimed responsibility for the DDoS attacks[1][4]. This group has stated on social media that they are planning additional attacks. Their motivations appear to be misguided: as many users have pointed out, the Internet Archive is not connected to the US government[4].

Response and Mitigation

Brewster Kahle provided an update on the situation, outlining the steps taken to address the security issues[4]:

  1. Disabled the compromised JavaScript library
  2. Scrubbing systems
  3. Upgrading security measures

The Internet Archive team is working on restoring services and improving their security posture to prevent future attacks.

Impact and Implications

This breach highlights the vulnerability of even well-established and respected online institutions. The Internet Archive serves as a crucial resource for researchers, historians, and the general public, making this attack particularly concerning[3].

Users of the Internet Archive are advised to take the following precautions[4]:

  1. Change passwords, especially if reused on other sites
  2. Enable two-factor authentication when available
  3. Be vigilant for potential phishing attempts using stolen information
  4. Consider using a password manager for generating and storing strong, unique passwords

Based on the available information, the exact method used by the hackers to breach the Internet Archive's security is not clear. However, we can piece together some key details about the attack:

The Data Breach

The hackers managed to steal a user authentication database containing 31 million unique records[1][4]. This database included:

  • Email addresses
  • Screen names
  • Bcrypt-hashed passwords
  • Password change timestamps
  • Other internal data

Website Compromise

The attackers were able to inject malicious JavaScript code into the Internet Archive website[1][4]. This allowed them to display a pop-up message to visitors announcing the breach.

Possible Attack Vectors

While the specific vulnerability exploited is not mentioned, there are a few potential ways the hackers may have gained access:

  1. Exploiting a vulnerability in a JavaScript library used by the site[2]. Brewster Kahle, the Internet Archive's founder, mentioned "defacement of our website via JS library" in his update.
  2. Compromising an admin account or internal system to gain elevated access privileges.
  3. Exploiting an unpatched vulnerability in the web application or underlying infrastructure.
  4. Using social engineering tactics to trick employees into providing access.

Ongoing Investigation

The Internet Archive team is still investigating the full extent of the breach. They have taken steps to mitigate the attack by:

  • Disabling the compromised JavaScript library[2]
  • Scrubbing their systems[2]
  • Upgrading security measures[2]

Without more details from the Internet Archive, it's difficult to determine the exact method used. The organization will likely provide more information as their investigation progresses.

Conclusion

The cyberattack on the Internet Archive serves as a stark reminder of the ongoing threats faced by online services and the importance of robust cybersecurity measures. As the situation continues to develop, users should remain cautious and follow best practices to protect their personal information.

Citations:

  1. https://www.helpnetsecurity.com/2024/10/10/internet-archive-data-breach/
  2. https://www.theregister.com/2024/10/10/internet_archive_ddos_data_leak/
  3. https://www.blackhatethicalhacking.com/news/internet-archive-hacked-31-million-user-records-stolen-in-major-data-breach/
  4. https://www.securityweek.com/31-million-users-affected-by-internet-archive-hack/
  5. https://www.wired.com/story/internet-archive-hacked/
  6. https://www.techzine.eu/news/security/125206/internet-archive-breach-affects-31-million-accounts/
  7. https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/
  8. https://www.newsweek.com/catastrophic-internet-archive-hack-hits-31-million-people-1966866
  9. https://www.malwarebytes.com/blog/news/2024/10/internet-archive-suffers-data-breach-and-ddos
  10. https://www.zdnet.com/article/internet-archive-breach-compromises-31-million-accounts-what-you-need-to-know/
  11. https://www.tomshardware.com/tech-industry/cyber-security/internet-archive-hacked-and-31-million-user-accounts-leaked-hacking-group-sn-blackmeta-claims-responsibility
  12. https://www.pcmag.com/news/hacker-defaces-internet-archive-claims-it-suffered-a-breach
  13. https://www.theverge.com/2024/10/9/24266419/internet-archive-ddos-attack-pop-up-message
  14. https://www.forbes.com/sites/daveywinder/2024/10/10/internet-hacked-wayback-machine-down-31-million-passwords-stolen/
