On October 9, 2024, visitors to the Internet Archive were met with a startling message. A pop-up on the site’s main domain warned of a “catastrophic security breach,” sending ripples through the digital preservation community.
For those unfamiliar, the Internet Archive is a cornerstone of the web’s memory, founded in 1996 by Brewster Kahle. This nonprofit digital library offers free access to an immense collection of materials, from archived websites and software to music, films, and books.
Before the site went dark—following a series of distributed denial-of-service (DDoS) attacks—several users caught the ominous pop-up on web.archive.org. The message read:
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
But what exactly does this mean? And are you, as a user, affected? Here’s what we know so far.
The story so far
First, let’s break down what HIBP is. Have I Been Pwned? (HIBP) is a well-known online resource where users can check if their personal information has been compromised in data breaches.
So, was the Internet Archive’s breach legitimate? Unfortunately, yes. According to Troy Hunt, the operator of HIBP, the breach is indeed real. Hunt revealed that nine days prior to the pop-up, he received a file containing sensitive data, including “email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data” for 31 million unique email addresses. He verified the authenticity of the breach by cross-referencing the information with user accounts.
Hunt also provided a detailed account of the timeline: after receiving the file, he contacted the Internet Archive on October 6 to inform them of the breach. As the process of disclosing the breach and loading the affected data into HIBP began, the Internet Archive’s site was defaced, and a DDoS attack ensued.
Who’s behind the attack?
An account on X, going by the handle SN_Blackmeta, has come forward claiming responsibility for the Internet Archive attack. In a series of posts, the account suggested that another attack was planned for October 10, tying their actions to the U.S. government’s association with Israel.
SN_Blackmeta has a history with the Archive. The account previously boasted about DDoS attacks in May, a claim that aligns with earlier reports from Internet Archive staff, including Brewster Kahle, who noted similar disruptions in the past.
What should you do?
As of now, the Internet Archive is back online, following a brief but alarming outage. Brewster Kahle, the Archive’s founder, has addressed the situation, detailing the steps his team has taken to mitigate the damage from the breach and the DDoS attacks.
For those whose details were stolen in the breach, the damage may already be done. The good news, however, is that the personally identifiable information (PII) exposed in this attack is relatively limited, consisting primarily of email addresses.
But that’s not to say users are in the clear. Cybercriminals can still combine this data with information from other breaches to commit fraud or hijack cloud accounts. To minimize risk, it’s essential to remain vigilant. Be on the lookout for phishing attempts, use a password manager to create strong, unique passwords, and enable two-factor authentication on your most sensitive accounts.