Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records, BleepingComputer reported.
News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” reads a JavaScript alert shown on the compromised archive.org site.
The text “HIBP” refers to the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.
Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql.” The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internet data.
The Verge reported: When visiting The Internet Archive (www.archive.org) on Wednesday afternoon, The Verge was greeted with a pop-up claiming the site had been hacked. Just after 9PM ET, Internet Archive founder Brewster Kahle confirmed the breach and said the website had been defaced with the notification via a JavaScript library.
According to The Verge, a tweet from HIBP said 54 percent of the accounts were already in its database from previous breaches. In posts on his account, Hunt gave further details on the timeline, including contacting the Internet Archive about the breach on October 6th and moving forward with the disclosure process today, when the site was defaced and DDoS’d at the same time they were loading the data into HIBP to begin notifying affected users.
TechCrunch reported: Have I Been Pwned (HIBP), a data breach notification site, later confirmed the breach, saying that 31 million unique email addresses and usernames were stolen; so did Brewster Kahle, the self-described digital librarian who founded the Internet Archive in 1996.
Indeed, after what may or may not be a related distributed denial-of-service attack on the service (a hacktivist group claimed responsibility for one but not the other), Kahle on Wednesday night suggested there could be more to come. The organization has “fended off” the DDoS attack “for now,” scrubbed its systems, and upgraded its security, he wrote on X. “Will share more as we know it.”
In my opinion, there is no good reason to collect user data from the Internet Archive, no matter what. The hacker is either having a laugh at being able to steal other people’s data, or simply wants attention.