Internet Archive data breach, defacement, and DDoS: Users’ data compromised


The Internet Archive has suffered a data breach, leading to the compromise of email addresses, screen names and bcrypt password hashes of some 31 million users.

The compromise was revealed on Wednesday afternoon, when the digital library’s website began showing a JavaScript pop-up saying: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”

Around the same time, the data in question was being loaded into the Have I Been Pwned? data breach notification service and, soon after, HIBP users who signed up for notifications when their data is leaked began receiving notices via email:

[Image: HIBP email notification]

Unfortunately, changing the compromised password was not immediately possible for many, as the Internet Archive website was rendered inaccessible after it apparently buckled under the pressure of a DDoS attack claimed by professed hacktivists.

What happened? And how?

The Internet Archive is a non-profit organization that provides free access to digitized materials – printed and audiovisual materials, music, podcasts, audio books, images, software – as well as the Wayback Machine, a massive collection of archived copies of web pages.

The organization has recently lost a copyright lawsuit brought by publishing company Hachette, and is still involved in another filed by several music labels.

The organization’s website suffered a number of DDoS attacks in May 2024, and is now being hit again.

It is still unclear whether the data breach and the DDoS attacks have been perpetrated by the same person/group. It’s also unknown how the data breach and the website compromise happened.

HIBP creator Troy Hunt explained that someone sent him the data compromised in the breach on September 30, but he wasn’t able to review it until October 5. He notified the Internet Archive and told them that it would get loaded into HIBP on Wednesday (October 9). The overlap between the loading and the DDoS attack was a coincidence, he noted.

“Obviously I would have liked to see that disclosure much earlier, but understanding how under attack they are, I think everyone should cut them some slack. They’re a non-profit doing great work and providing a service that so many of us rely heavily on,” he added.

The Internet Archive site is now back online, and registered users are advised to change their password.
