Let me share more on the chronology of this:
30 Sep: Someone sends me the breach, but I'm travelling and didn't realise the significance
5 Oct: I get a chance to look at it - whoa!
6 Oct: I get in contact with someone at IA and send the data, advising it's our goal to load…
— Troy Hunt (@troyhunt) October 9, 2024
The Internet Archive has suffered a significant breach impacting 31 million accounts. On Wednesday, visitors to the site were met with a pop-up alert announcing a “catastrophic security breach,” which was later confirmed by Internet Archive founder Brewster Kahle. The website was also defaced and subjected to a distributed denial-of-service (DDoS) attack, which has caused disruptions for days.
The pop-up message, loaded through a compromised JavaScript library, read: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
“HIBP” refers to Have I Been Pwned?, a service where users can check if their data has been exposed in a breach. The operator of HIBP, Troy Hunt, confirmed to BleepingComputer that he received a file containing the email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other data of 31 million unique users. Hunt verified the data’s authenticity through multiple sources.
The breach has left the Internet Archive scrambling to address the attack. Kahle posted on X, confirming the breach and explaining that the team had disabled the compromised JavaScript library and is working on improving security measures. The DDoS attack, which had been ongoing for days, has also complicated the recovery process.
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.
— Brewster Kahle (@brewster_kahle) October 10, 2024
According to archivist Jason Scott, there were no clear demands from the attackers, who appeared to be acting simply “because they can.”
A group claiming responsibility, BlackMeta, hinted at further attacks to follow, escalating concerns over the site’s future stability. The attack is particularly alarming given the scale of data compromised, and many affected users are awaiting further updates.
As the Internet Archive works to bring its services back online, you should consider monitoring your account on Have I Been Pwned to check if your information has been exposed.