The Internet Archive, a non-profit digital library that preserves the history of the internet, has been compromised, exposing the data of approximately 31 million users.
The breach was confirmed by Have I Been Pwned (HIBP), a prominent platform that tracks and alerts individuals to data breaches.
On Wednesday afternoon, visitors to the Internet Archive’s website, archive.org, were greeted by a pop-up message claiming that the site had been hacked.
The message, which was briefly displayed before the site went offline, read: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”.
According to HIBP, the breach occurred last month and exposed 31 million records containing email addresses, screen names, and bcrypt-hashed passwords. The stolen data was shared with HIBP by the threat actor, who provided a 6.4GB SQL file named “ia_users.sql” containing the compromised information.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
Troy Hunt, the cybersecurity expert behind HIBP, confirmed the breach and stated that the data would be added to the HIBP database, allowing users to check if their information was exposed. Hunt also revealed that 54% of the affected email addresses were already in the HIBP database from previous breaches.
The Internet Archive’s founder, Brewster Kahle, acknowledged that the site was experiencing a DDoS attack but did not comment on the breach.
The site’s main page was temporarily taken offline, and users were directed to the organization’s social media account for updates.
This breach is a significant concern for users who have registered accounts with the Internet Archive, as it exposes their personal information and potentially puts them at risk of further cyber attacks. Users are advised to check their email addresses on HIBP and take necessary precautions to protect their online security.
The Internet Archive has faced previous cyber attacks, including a DDoS attack in May, which was claimed by the same group responsible for the current breach. The organization is working to restore its services and ensure the security of its users’ data.
The service has been restored and is now back online. It is highly recommended that all users update their login credentials for security purposes.
Strategies to Protect Websites & APIs from Malware Attack => Free Webinar