The Internet Archive, home to the invaluable Wayback Machine, a digital library preserving the history of the internet, has fallen victim to a significant data breach and sustained DDoS attacks. This incident has sparked widespread concern and outrage across the online community, with many comparing the potential loss to the historical burning of the Library of Alexandria.
This developing situation has raised serious questions about the security of online archives and the vulnerability of crucial digital resources. Here’s what we know so far about the ongoing attacks.
Data Breach Exposes Millions of User Accounts
Reports indicate that hacking group SN_Blackmeta has claimed responsibility for a data breach affecting approximately 31 million user accounts associated with the Internet Archive’s Wayback Machine. The attack, believed to have occurred around September 28, 2024, resulted in the theft of email addresses, usernames, and Bcrypt-hashed passwords, according to Bleeping Computer.
Users were alerted to the breach through a pop-up message displayed via a compromised JavaScript library, which sarcastically questioned the Archive’s security practices. This message directed users to Have I Been Pwned (HIBP), a website that allows individuals to check if their online accounts have been compromised in data breaches.
Troy Hunt, the creator of HIBP, confirmed the breach to Bleeping Computer, revealing that the hackers shared the Internet Archive’s authentication database, a 6.4GB SQL file named “ia_users.sql.” The database also contained password change timestamps and other internal data, with the latest timestamp pointing to the September breach date. While the stolen data is expected to be added to the HIBP site, the exact methods used by the hackers and the full extent of the compromised data remain unclear.
DDoS Attacks Cripple Wayback Machine Access
Concurrent with the data breach, the Internet Archive has been grappling with crippling Distributed Denial of Service (DDoS) attacks. These attacks, which flood a website with malicious traffic to disrupt its operations, have effectively taken archive.org offline. Brewster Kahle, the owner of the Internet Archive, confirmed the attacks, stating that the first occurred on October 8, 2024, with a subsequent attack on October 10.
A person using a laptop with a set of code seen on the display.
Kahle provided an update via Twitter, outlining the situation and the ongoing efforts to mitigate the attacks and enhance security. He acknowledged the DDoS attacks, the website defacement via the JavaScript library, and the breach of user credentials. He also confirmed that the compromised library has been disabled, systems are being scrubbed, and security upgrades are being implemented.
Uncertain Future and Ongoing Investigation
While the hackers have hinted at further attacks, the connection between the data breach and the DDoS attacks remains officially unconfirmed. The Internet Archive’s website, archive.org, remains inaccessible as of the latest reports.
This incident underscores the increasing vulnerability of online resources to sophisticated cyberattacks and the critical need for robust security measures to protect valuable digital archives like the Wayback Machine. The long-term impact of these attacks on the Internet Archive and its ability to continue preserving internet history remains to be seen.
Conclusion: A Call for Enhanced Security and Vigilance
The attacks on the Internet Archive serve as a stark reminder of the ever-present threat of cyberattacks and the importance of proactive security measures. While the situation continues to unfold, the incident highlights the need for increased vigilance and investment in cybersecurity to protect vital digital resources and preserve the historical record of the internet. Users are encouraged to check HIBP for potential compromise of their Internet Archive credentials and to practice strong password hygiene across all online accounts. The future of the Wayback Machine, and the accessibility of the vast digital history it holds, hangs in the balance.
