Summarize

Simplifying... Inshort

The Internet Archive, a digital library, recently suffered a significant data breach affecting 31 million users, with email addresses, usernames, and password data compromised.
In addition to the breach, the site has been targeted by DDoS attacks, disrupting services.
The organization is now enhancing security measures and notifying affected users.

Was a long read? Making it simpler...

Next Article

The data breach occurred in September

Internet Archive suffers major data breach, 31 million users affected

By Mudit Dube

Oct 10, 2024

09:48 am

What's the story

In a major data breach, non-profit digital library Internet Archive has been compromised, affecting some 31 million users. The breach was first reported via an unauthorized JavaScript pop-up on the site. Subsequently, Troy Hunt, a well-known security researcher and founder of data-breach-notification website Have I Been Pwned (HIBP), confirmed its authenticity. Hours later, the organization also confirmed the hack.

Information compromised

Breach details and Internet Archive's response

The data breach occurred in September, compromising 31 million unique email addresses along with usernames, bcrypt password hashes, and other system data. The breach perpetrators even taunted the Internet Archive in their pop-up message saying, "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened."

DDoS attacks

Internet Archive faces additional security threats

Along with the data breach, the Internet Archive has also been facing a series of distributed denial-of-service (DDoS) attacks that have sporadically disrupted its services. Jason Scott, an archivist and software curator for The Internet Archive, confirmed these attacks on social media. The hacktivist group known as BlackMeta has claimed responsibility for the DDoS attacks and threatened to launch more against the digital library.

Countermeasures

Founder addresses breach and outlines response measures

In the wake of the security incidents, Internet Archive founder Brewster Kahle issued a public update. He confirmed a DDoS attack, website defacement through a JavaScript library, and breach of usernames/email/salted-encrypted passwords. As countermeasures, the organization has disabled the compromised JavaScript library and is currently scrubbing systems and enhancing security.

Notification process

HIBP's role in breach notification and future plans

Hunt from HIBP, who first received the stolen Internet Archive data on September 30, reviewed it on October 5 and alerted the organization about it on October 6. The group confirmed the breach to him the next day. Hunt planned to upload this data into HIBP and inform its subscribers about the breach. Despite encouraging early public disclosure of the data breach, he acknowledged that extenuating circumstances may have caused a delay in this process.