The Internet Archive’s “The Wayback Machine” has experienced a data breach following a compromise of the website by a malicious actor, who accessed and extracted a user authentication database comprising 31 million unique records. Reports regarding the breach emerged on Wednesday afternoon, as users visiting archive.org encountered a JavaScript alert generated by the hacker, indicating that the Internet Archive had been breached.
Also Read: Apple’s smart ring hype fizzles; No current plans for the wearable device
JUST IN – Internet Archive hacked. A popup claims there was a “catastrophic security breach” and now the site is down with a “temporarily offline” notice — The Verge pic.twitter.com/RufvctlB8X
— Disclose.tv (@disclosetv) October 9, 2024
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” reads a JavaScript alert shown on the compromised archive.org site.
The term “HIBP” pertains to the Have I Been Pwned data breach notification service established by Troy Hunt, which is frequently utilized by threat actors to disseminate stolen data for inclusion in the service.
Hunt informed BleepingComputer that a threat actor recently shared the Internet Archive’s authentication database, which is a 6.4GB SQL file titled “ia_users.sql.”
This database comprises authentication details for registered users, including their email addresses, screen names, timestamps for password changes, Bcrypt-hashed passwords, and additional internal information.
Hunt reports that the database contains 31 million distinct email addresses, a significant number of which are registered with the HIBP data breach notification service. This information will soon be integrated into HIBP, enabling users to input their email addresses and verify whether their data has been compromised in this breach.
The authenticity of the data was validated after Hunt reached out to individuals included in the databases, such as cybersecurity researcher Scott Helme, who granted permission for BleepingComputer to disclose his exposed record.
Hunt reported that he reached out to the Internet Archive three days prior to initiate a disclosure process, indicating that the data would be uploaded to the service within 72 hours; however, he has not received any response since then.
The method by which the threat actors infiltrated the Internet Archive remains unclear, and it is uncertain whether any additional data was compromised.
The Internet Archive also experienced a DDoS attack, which has since been attributed to the BlackMeta hacktivist group, who have announced plans for further attacks.
🚨BREAKING🚨: The Internet Archive’s contents haven’t been affected/stolen/removed by the numerous recent hacks.
The Internet Archive will RETURN once internal systems are upgraded! https://t.co/aDqPa40V3X pic.twitter.com/XWiGbKH7Qj
— Lost Media Busters (@LostMediaBuster) October 10, 2024
The latest timestamp associated with the compromised records is September 28th, 2024, indicating the probable date of the database’s theft.
Also Read: AirTag 2 launch; Apple set to elevate tracking technology in 2025
