.png){kind=logo}
The Internet Archive (IA), a nonprofit digital library, has fallen victim to a major cyberattack, compromising the personal data of 31 million user accounts. The breach, which was confirmed by Internet Archive founder Brewster Kahle, included a defacement of the site and a Distributed Denial-of-Service (DDoS) attack that left the site temporarily offline.
The attack exposed users’ email addresses and Bcrypt-hashed passwords, raising concerns about the security of the widely-used platform. During the breach on Wednesday afternoon, visitors to the Internet Archive were greeted with a pop-up message announcing the hack.
This message also referenced the website Have I Been Pwned (HIBP), a service where individuals can check if their data has been compromised in any known data breaches. The pop-up stated, “31 million of you on HIBP!” signaling the scale of the data leak.
Troy Hunt, the operator of HIBP, confirmed that 31 million unique email addresses were involved in the breach. Hunt verified the stolen data by cross-referencing it with existing user accounts and validating its legitimacy. The compromised data includes email addresses, usernames, timestamps of password changes, and Bcrypt-hashed passwords.
Hunt revealed that 54% of the breached accounts had already been involved in prior cyberattacks, highlighting the widespread vulnerability of user data across platforms. According to Hunt, the Internet Archive had been aware of the breach since October 6th and was in the process of preparing to notify users when the website was defaced.
While the defacement was quickly addressed, the impact of the breach forced the site offline for several hours, during which users were met with a placeholder message announcing the temporary suspension of Internet Archive services.
Brewster Kahle confirmed that the cyberattack exploited a vulnerability in the site’s JavaScript library. The compromised library was disabled, and security upgrades were implemented to prevent further breaches. Kahle reassured users that the team was scrubbing the systems and working diligently to restore full functionality to the site while enhancing its security measures.
Archivist Jason Scott, a key figure in the Internet Archive community, shared his observations on Mastodon, noting that the DDoS attack seemed to lack a clear motive or demands. He described the attack as being carried out “just to do it,” suggesting that the assailants may have been motivated purely by a desire to disrupt the platform's services.
An account on X (formerly Twitter) under the name SN_Blackmeta claimed responsibility for the breach. The same account hinted at a follow-up attack planned for the following day, compounding concerns for the Internet Archive's security. The account also boasted about a previous DDoS attack on the Internet Archive in May, raising further speculation about ongoing targeting of the platform.
The breach exposed a significant portion of the Internet Archive’s user base, affecting individuals who rely on the platform for accessing and preserving digital content. While no clear financial or personal demands have been made, the attack serves as a stark reminder of the growing threats to cybersecurity and the vulnerability of online platforms to coordinated breaches and service disruptions.
As of now, the full extent of the attack's impact on the Internet Archive's users remains under investigation. The platform continues to enhance its security protocols to fend off future attacks, while efforts are underway to notify affected users and mitigate the fallout from this breach.
With the Internet Archive still recovering from the cyberattack, it serves as a cautionary tale for organizations across the digital spectrum to prioritize user data protection and bolster cybersecurity measures against emerging threats.
