Internet Archive hacked: 31 million accounts compromised in data breach
The Internet Archive, a nonprofit digital library known for archiving millions of web pages and media, was hit by a significant cyberattack on Wednesday, resulting in the compromise of 31 million user accounts. The breach, confirmed by Internet Archive founder Brewster Kahle, included defacement of the website and exposure of sensitive user data.
The attack came to light when visitors to the site were greeted with a pop-up message warning of the breach. The message read: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
The reference to HIBP (Have I Been Pwned?) alludes to a widely-used platform that tracks data breaches. HIBP’s operator, Troy Hunt, confirmed that he received a file containing the compromised data, which included email addresses, screen names, password change timestamps, and bcrypt-hashed passwords for 31 million users. After validating the data, Hunt began working with the Internet Archive to disclose the breach, which was confirmed on October 6th. He revealed that 54% of the affected accounts were already listed in HIBP from prior breaches.
As part of the coordinated attack, the Internet Archive also faced a DDoS (Distributed Denial-of-Service) attack, which brought parts of the website down temporarily. Jason Scott, an Internet Archive archivist, confirmed via Mastodon that the DDoS attack appeared to have no clear motive, as the attackers provided no demands or statements.
Brewster Kahle later posted an update on X (formerly Twitter), stating that they had disabled the compromised JavaScript library used in the attack and were in the process of upgrading their security infrastructure. Kahle also confirmed that the breach involved usernames, email addresses, and salted-encrypted passwords, assuring users that they were working to secure their systems.
The hacking group SN_Blackmeta claimed responsibility for the attack via their account on X, even suggesting another attack was planned for the following day. This group also took credit for a previous attack on the Internet Archive in May, as confirmed by Scott.
The Internet Archive is currently taking steps to notify affected users while strengthening its security to prevent future incidents.