Internet Archive data breach impacts millions of users

On October 9, 2024, a significant data breach affecting the Internet Archive’s “Wayback Machine” came to light, impacting approximately 31 million users worldwide. According to Troy Hunt, the administrator of “Have I Been Pwned” (HIBP), a breach notification service, the stolen user data had been circulating online well before September 30, 2024. On October 9, 2024, this data was uploaded to HIBP, allowing users to check if they were affected.

The threat actor went a step further and displayed an alert on the Internet Archive’s website, disclosing the data breach.

The threat actor behind the breach reportedly displayed an alert on the Internet Archive’s website on October 9, signaling the compromise. As detailed by BleepingComputer, the leaked data, a 6.4GB SQL file named ia_users.sql, included sensitive user information such as email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

Following the breach, BleepingComputer reached out to the Internet Archive for comment but received no response. Later, the Internet Archive founder, Brewster Kahle, provided updates on X (formerly Twitter). In a post dated October 10, Kahle confirmed the breach and stated that a JavaScript library had been exploited to display alerts to site visitors.

“What we know: DDoS attacked—fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords,” Kahle tweeted.
“What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.”

Subsequent updates revealed that DDoS attacks had resumed, temporarily taking archive.org and openlibrary.org offline again. However, the Internet Archive clarified that the DDoS attacks were not believed to be related to the data breach.

Yet another breach:
On October 20, 2024, the Internet Archive faced another breach, this time involving its Zendesk support email system. This breach could be an interesting topic for someone to explore further in their article.

References:

https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users

https://www.securityweek.com/31-million-users-affected-by-internet-archive-hack/

Join the Conversation

12 Comments

  1. Exposing email addresses and Bcrypt-hashed passwords is a big deal. The follow-up DDoS attacks show that cybersecurity issues are ongoing. I’m glad the Internet Archive is taking steps like disabling the compromised JavaScript library and upgrading security. This incident is a strong reminder of the need for continuous vigilance in data protection. You’ve highlighted some crucial points. Well done, Smruti!

  2. The significant data breach affecting the Internet Archive highlights the vulnerabilities in the digital world and the importance of robust security practices, especially for organizations handling large, sensitive user data.

  3. Excellent post, Smruti. Both the breach and DDoS attack against the Internet Archive are particularly egregious given what a tremendous good the service is to the internet at large. Sites like Wikipedia rely on the Wayback Machine to maintain sources that may have been removed from their original locations, and while breaching the service to exfiltrate user information is a common motivation, the DDoS and defacing of the website is just downright petty, especially given that the organization is a non-profit and wouldn’t even have the funds to try and pay a ransom. This attack seemed to be less motivated by greed, and more a vindictive slight.

  4. The Wayback Machine is a free and publicly accessible service. This makes it even more attractive to cybercriminals who may exploit security vulnerabilities in such systems. Given that many people use the service for research and content archival, it also means a breach can have a broad impact, as the archive contains a significant amount of internet history. For platforms like this, it’s absolutely essential to have strong cybersecurity measures in place—things like encryption, multi-factor authentication, and regular security audits. With millions of users and vast amounts of data, securing their systems isn’t just a good idea—it’s critical to prevent sensitive information from being exposed to the wrong people.

  5. Great work, Smruti. Drawing attention to the attacker’s use of a JavaScript library for defacement highlights the dangers of third-party dependencies, while the DDoS attacks and Zendesk hack that followed highlight the complexity of cyberthreats. I am impressed with how your research effectively spread knowledge of the value of strong cybersecurity procedures and prompt reactions to changing threats.

  6. This breach of the Internet Archive is concerning, especially given the size and sensitivity of the stolen data: 31 million unique records, including bcrypt-hashed passwords and personal information! It is alarming to see how easily threat actors can target even major platforms. The connection to Have I Been Pwned makes it clear that the data is already being circulated.

  7. Wow, I can’t believe the Internet Archive got hacked, exposing data of 31 million users! It’s scary to think that even trusted sites like the Wayback Machine aren’t safe from cyberattacks. This really makes me worried about how secure our personal information is online. We need to be more careful about what we share and how much we want our data to be public.

  8. Brilliant post, Smruti! After facing such a significant data breach in which user data was exposed, including emails and hashed passwords, every organization must emphasize improving cybersecurity posture by means of strong password hashing, regular security audits, and thorough vetting of third-party software. It is very important to minimize data collection and establish robust incident response plans. Proactive security measures will be necessary to safeguard systems and ensure business continuity, including the implementation of DDoS protection.

  9. Reports of such data breaches underscore the critical importance of cybersecurity professionals staying current with advanced security techniques. This enables them to proactively identify potential vulnerabilities and effectively mitigate both imminent and future threats.

  10. Well done Smruti!
    Reports of such data breaches underscore the critical importance of cybersecurity professionals staying current with advanced security techniques. This enables them to proactively identify potential vulnerabilities and effectively mitigate both imminent and future threats.

  11. Good post, Ranjan! It caught my attention how hackers are continuously improving their methods and recovering so much information. The quantity of 6.4 GB of user data is something to be concerned about. You never know when your email or personal information is exposed by one organization. Although more security measures are implemented, it is important to keep updated to avoid a problem in the future or to fight back in case of an attack.

    Thanks for the info!

    1. Agreed, we never know which organization will be targeted next. It’s not a matter of if but when. One of the best strategies we can use to stay safe as users is to use dummy emails for signing up on non-essential websites and services. This way, even if those sites get compromised, our primary emails remain safe.
