The Internet Archive has experienced a significant data breach, with a hacker compromising the platform and stealing an authentication database containing the personal information of over 31 million registered users. This breach has raised serious concerns about the security of this widely used digital archive.
The data breach was discovered when visitors to the Internet Archive website began receiving JavaScript alerts. These alerts, generated by the hacker, bluntly informed users about the security breach. The message read, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” This message suggests that the stolen data will soon be available on the “Have I Been Pwned” (HIBP) data breach notification service, created by cybersecurity expert Troy Hunt.
Details of the Breach
The stolen database reportedly contains 31 million unique records, including user email addresses, screen names, password change timestamps, and Bcrypt-hashed passwords. The database is a 6.4GB SQL file named “ia_users.sql,” according to Hunt, whom the hacker contacted nine days before the breach became public. This file also contains various internal data points used by the Internet Archive.
Troy Hunt has confirmed the authenticity of the data by contacting users listed in the stolen database, including cybersecurity researcher Scott Helme. Helme validated the breach by confirming that the Bcrypt-hashed password in the exposed database matched the one in his password manager. Additionally, the timestamps in the database aligned with the last time he changed his password. This validation adds credibility to the claim that the breach is genuine and widespread.
The stolen records contain the most recent timestamp from September 28, 2024, suggesting that the database was stolen around this date. With 31 million unique email addresses included, many affected users are now awaiting the confirmation of their data exposure on the HIBP service, where they will be able to check if their details have been compromised.
Internet Archive’s Response
Hunt contacted the Internet Archive three days before the breach became public, aiming to notify the organization and give them time to respond. However, as of now, the Internet Archive has not responded to Hunt’s disclosure or commented on the breach publicly. This lack of communication raises further concerns about the organization’s handling of security issues and its preparedness to deal with cyber threats.
Additional Attacks
In addition to the data breach, the Internet Archive suffered a Distributed Denial-of-Service (DDoS) attack earlier today. The BlackMeta hacktivist group has taken responsibility for the disruption and warned of further attacks on the site.
Security Measures and Recommendations
The Internet Archive is a vital resource for preserving digital content, and this breach highlights the importance of robust cybersecurity measures for platforms that handle sensitive user data. With over 31 million users potentially affected, this incident serves as a reminder of the growing risks associated with cyber threats and data breaches in an increasingly digital world.
For now, users should change their passwords and monitor their email accounts for any suspicious activity, especially those who suspect they have been affected by the breach.
