Story updated October 10
The Internet Archive’s Wayback Machine, a digital library preserving the history of the Internet, has been hit by hackers. The incident exposed 31 million user passwords, and a Distributed Denial of Service (DDoS) attack disrupted the website. It is still unclear whether the two incidents are connected, but evidence suggests the same hacker group may be responsible.
What Happened?
The first sign of the hack was a message displayed on the Wayback Machine’s website saying,
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
The hackers referenced the “Have I Been Pwned” service, which tracks data breaches.
Troy Hunt, the founder of Have I Been Pwned, confirmed that hackers had shared a 6.4GB database containing user information from the Internet Archive. The stolen data includes email addresses, screen names, timestamps, and Bcrypt-hashed passwords. Hunt noted that the database contained 31 million records, with the last breach occurring around September 18. Users will soon be able to check if their data was exposed.
Expert Analysis
Jason Meller, a cybersecurity expert from 1Password, said the breach indicates that hackers accessed the back-end systems and defaced parts of the website. This suggests they had control over the site’s content and its network.
Jake Moore, a global cybersecurity advisor at ESET, added that although the passwords were encrypted, users should still change them. He advised that all passwords be unique to prevent cross-referencing with other breaches.
Response and Investigation
Brewster Kahle, a leader at the Internet Archive, confirmed the DDoS attack, website defacement, and breach of user data. The organization has disabled the compromised features and is improving security.
A pro-Palestinian hacktivist group, Black Meta, has claimed responsibility for the DDoS attack, though their involvement in the data breach is still unclear. This story is developing, and more updates are expected soon.
News Source: https://www.forbes.com/sites/daveywinder/2024/10/10/internet-hacked-wayback-machine-down-31-million-passwords-stolen/