Massive hack hits Internet Archive, compromising millions of user accounts

2 weeks ago 5

Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

Forward-looking: Who doesn't love the Wayback Machine? Apparently, its respected status on the internet hasn't deterred hackers, who have recently stolen data affecting 31 million users. The incident serves as a reminder of the ongoing challenges in maintaining cybersecurity.

The Internet Archive, a nonprofit digital library that preserves the history of the internet and is home to the beloved Wayback Machine, has suffered a major data breach affecting 31 million users. The incident came to light when visitors to the site encountered an unauthorized JavaScript pop-up message claiming that a "catastrophic security breach" had occurred.

Troy Hunt, founder of the data breach notification service Have I Been Pwned (HIBP), confirmed the authenticity of the breach. The stolen data includes email addresses, usernames, password hashes, and other system information. Hunt received the 6.4GB database containing 31 million unique records from the hacker and plans to add it to HIBP, which will allow users to check if their information was compromised.

Hi folks, yes, I'm aware of this. I've been in communication with the Internet Archive over the last few days re the data breach, didn't know the site was defaced until people started flagging it with me just now. More soon. https://t.co/uRROXX1CF9

– Troy Hunt (@troyhunt) October 9, 2024

In addition to the data breach, the Internet Archive has been grappling with a series of distributed denial-of-service (DDoS) attacks, disrupting its services. In response, Brewster Kahle, Internet Archive founder and current digital librarian, said they are actively hardening their defenses to provide more reliable access to their collections.

Kahle addressed the security incidents in a public update. He confirmed the DDoS attack, website defacement via a JavaScript library, and the breach of user data. As a countermeasure, the organization has disabled the compromised JavaScript library and is currently enhancing its security measures.

The hacktivist group BlackMeta has claimed responsibility for the DDoS attacks and has threatened further actions against the digital library. However, the perpetrator behind the data breach remains unknown.

This security incident comes at a challenging time for the Internet Archive, which is already facing legal battles. The organization recently lost an appeal in a copyright lawsuit brought by book publishers and is now confronting another potentially devastating lawsuit from music labels. This June, the online library was forced to remove approximately 500,000 titles from its collection, which IA described as a "devastating loss" for readers who rely on the platform to access otherwise hard-to-find books.

This latest breach has heightened concerns about the security of non-profit organizations that provide valuable online services. Many users and cybersecurity experts have sympathized with the Internet Archive, recognizing its importance as a digital repository. Indeed, some 25 percent of web pages posted between 2013 and 2023 have already vanished, according to a recent study by Pew Research Center. For older content, this trend is even starker. Some 38 percent of web pages that existed in 2013 are unavailable today, compared with 8 percent in 2023.

As the situation unfolds, Internet Archive users are advised to change their passwords and remain vigilant for potential phishing attempts or unauthorized access to their accounts.

Masthead: John Blyberg

Read Entire Article