Details of the compromised data revealed that it may have been stolen on 28 September.
Internet Archive, the US non-profit behind the popular ‘Wayback Machine’ and a library of free archival data is currently suffering from a wave of cyberattacks which have compromised the data of 31m users and disrupted its website.
News of the data breach began circulating on Wednesday (9 October) when Internet Archive users were faced with a prompt on the website that read: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach?
“It just happened. See 31m of you on HIBP!”
HIBP, or Have You Been Pwned?, is a service that lets users know if their details have been compromised in a data breach. HIBP creator Troy Hunt told Bleeping Computer that he received the stolen data, which included email addresses, screen names and passwords, on 30 September and he reached out to Internet Archive with the information on 6 October.
The most recent timestamp on the compromised data showed 28 September 2024, the likely date the information was stolen.
On 9 and 10 October, the Internet Archive service also suffered a DDoS (Distributed Denial of Service) attack, a type of cybercrime where the attacker floods a website server with traffic preventing users from accessing the services. A group called BlackMeta claimed responsibility for this attack and said they will be conducting more, according to The Verge.
Brewster Kahle, chair of Internet Archive’s board, posted an update on the Internet Archive’s response to the attacks on X:
“What we know: DDOS attack – fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
“What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.”
The attack resulted in the Internet Archive website being taken down temporarily.
Early last month, the service suffered a serious blow in court when it lost a copyright infringement appeal case to share scanned books without the approval of publishers. It is also in the middle of another copyright lawsuit from multiple music labels for digitising vintage records.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.