Hackers Target Internet Archive in Major Data Breach

The Internet Archive, home to the Wayback Machine, fell victim to a significant cyberattack that compromised its authentication database and triggered a massive Distributed Denial of Service (DDoS) attack. The breach, which happened on September 18, exposed personal information of approximately 31 million registered users, including email addresses, screen names, and Bcrypt-hashed passwords.

the internet archive got hacked? that’s crazy bro. the thing that has old news articles and old social posts and videos that contradict the blatant lies of the state-controlled media? that’s nuts my guy. right befor the election? that’s bonkers dude https://t.co/FaeIDzshFw

— zxy (@zelinarxy) October 9, 2024

The attack first came to light when visitors to archive.org encountered a JavaScript alert popup, mockingly referencing the vulnerability of the Internet Archive and directing users to check Have I Been Pwned (HIBP), a data breach notification service. Troy Hunt, HIBP’s founder, confirmed receiving a 6.4GB database from the threat actor, which appears to contain genuine Internet Archive user data.

Related: Internet Archive Faces Major Setback in Copyright Ruling

Jason Meller, vice president of product at 1Password and former chief security strategist at Mandiant, suggested on Forbes that the attackers likely gained access to the back-end infrastructure and obtained some control over web content delivery. The repeated website outages indicate the attackers may have also achieved dominance at the network layer.

Brewster Kahle, digital librarian and group chair at the Internet Archive, confirmed the DDoS attack, website defacement via a JavaScript library, and the breach of user data. 

What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.

What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.

Will share more as we know it.

— Brewster Kahle (@brewster_kahle) October 10, 2024

Kahle stated that immediate actions were taken, including disabling the compromised JavaScript library, system cleanup, and security upgrades. He also later updated that the Internet Archive’s data had not been corrupted. “Services are currently stopped to upgrade internal systems,” he added on X.  

🚨BREAKING🚨: The Internet Archive's contents haven't been affected/stolen/removed by the numerous recent hacks.

The Internet Archive will RETURN once internal systems are upgraded! https://t.co/aDqPa40V3X pic.twitter.com/XWiGbKH7Qj

— Lost Media Busters (@LostMediaBuster) October 10, 2024

The pro-Palestinian hacktivist group Black Meta has claimed responsibility for the attacks.

Uh, you dropped something.

(Tweet deleted. But you know… Internet, Archive.) https://t.co/cVgkdkJ2ph pic.twitter.com/ETEDD0phbp

— Jason Scott (@textfiles) October 10, 2024

---

Information for this story was found via the sources and companies mentioned. The author has no securities or affiliations related to the organizations discussed. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.