Home Internet Archive rocked by massive breach, more than 31 million users impacted

Internet Archive rocked by massive breach, more than 31 million users impacted

TLDR

  • A cyberattack on the Wayback Machine exposed 31 million user details and credentials.
  • The breach involved usernames, email addresses, and encrypted passwords, with 54% already compromised in prior breaches.
  • The Internet Archive has responded by upgrading security, scrubbing systems, and disabling compromised JavaScript libraries.

The Internet Archive is reeling after its Wayback Machine was hit by a massive cyber attack, exposing 31 million users. 

The vast data breach occurred after the hackers exploited the website, obtaining a user authentication database containing an array of user details and credentials. 

An illicit JavaScript pop-up appeared on the Internet Archive on Wednesday, with the hackers boasting that a major incident had taken place. 

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” read the alert.

HIBP refers to the Have I Been Pwned data breach notification portal created by Troy Hunt, who threat actors often share information with. The details of stolen data are then added to the service.

Later on Wednesday, the Internet Archive acknowledged the incident.

It was founded in 1996 and provides a digital library, with free access to collections of digitized materials including websites and software applications. The Wayback Machine has billions of archived web pages, with the organization eager to ensure that the digital record remains accessible for future generations. 

Last month, Google confirmed it would add links to archived websites through the Wayback Machine.

Hunt claims more than half of the impacted accounts were breached previously

Hunt took to X to discuss the huge data breach, providing further details.

He revealed the attack was carried out in September, and the database consisted of more than 31 million unique email addresses. 

HIPB also stated 54 percent of the compromised accounts were already listed in its database from previous breaches.

The Internet Archive has had to contend with a series of distributed denial-of-service attacks (DDOS) which has occasionally disrupted its operations, in addition to the breach attempts. 

On Wednesday evening, Internet Archive founder Brewster Kahle posted on X to provide a public update on the situation. 

He wrote, “What we know: DDOS attack—fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it.” 

“Scrubbing systems” refers to services that offer protection from DDoS attacks by filtering malicious junk traffic so it can’t overrun and disrupt a website.

At the time of writing, the Internet Archive has not responded to requests for a comment from several media outlets.

Image credit: Midjourney

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Graeme Hanna
Tech Journalist

Graeme Hanna is a full-time, freelance writer with significant experience in online news as well as content writing. Since January 2021, he has contributed as a football and news writer for several mainstream UK titles including The Glasgow Times, Rangers Review, Manchester Evening News, MyLondon, Give Me Sport, and the Belfast News Letter. Graeme has worked across several briefs including news and feature writing in addition to other significant work experience in professional services. Now a contributing news writer at ReadWrite.com, he is involved with pitching relevant content for publication as well as writing engaging tech news stories.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.