The popular Internet Archive, known for its tool The Wayback Machine, has fallen victim to a cyberattack that has compromised the information of 31 million users. The security breach came to light on Wednesday afternoon, when visitors to the website archive.org began seeing a JavaScript popup alert, seemingly created by the attacker, confirming the incident.
“Ever felt like Internet Archive is on the brink of a security disaster? It just happened. See 31 million of you in HIBP,” read the message on the hacked website. The text refers to Have I Been Pwned (HIBP), the well-known data breach notification service created by Troy Hunt, where attackers often share stolen data for verification and eventual inclusion in the public HIBP database.
According to Troy Hunt, the attacker shared the Internet Archive’s authentication database nine days ago, which is a 6.4 GB SQL file named “ia_users.sql.” This file contains authentication information of registered users, including emails, usernames, password change timestamps, passwords hashed with the Bcrypt algorithm, and other internal data.
The latest record in the stolen database is dated September 28, 2024, suggesting that the attack may have taken place on that date. Hunt stated that the database contains 31 million unique email addresses, many of which belong to users already subscribed to HIBP breach notifications. The information will soon be added to this service, allowing users to verify if their data was exposed in this breach.
To confirm the authenticity of the stolen data, Hunt reached out to some of the users whose data was present in the database, including cybersecurity researcher Scott Helme, who allowed BleepingComputer to share his exposed record. Helme verified that the Bcrypt hashed password in the database matched the one stored in his password manager, and that the password change date was also correct.
Despite contacting the Internet Archive three days ago to begin a disclosure process, Hunt has not yet received a response from the organization. It is unknown how the attackers managed to access the database and if any other type of information has been stolen.
This incident is not the only recent problem that the Internet Archive has faced. Hours before the data breach announcement, the platform experienced a Distributed Denial of Service (DDoS) attack, claimed by the hacktivist group BlackMeta. This group has stated that they will carry out more attacks in the coming days.
With the increasing number of users and the amount of sensitive data stored on platforms like the Internet Archive, these attacks underscore the vulnerability of digital infrastructures and the need to strengthen cybersecurity measures at all levels. Affected users should stay alert for updates and take necessary steps to protect their personal information, such as changing passwords and enabling two-factor authentication when possible.
The attack on the Internet Archive is a stark reminder of the risks that digital services face. With the data of millions of users leaked, investigations are expected to reveal more details about the extent of the attack and for the Internet Archive to take necessary steps to prevent future incidents of this nature. Meanwhile, the digital community remains vigilant against potential consequences and further attacks announced by the BlackMeta group.
via: Blepping Computer