31 Million Users at Risk: Inside the Internet Archive Data Breach

 


Internet Archive Breach: 31 Million Users' Data Compromised in Massive Hack

The Internet Archive’s "Wayback Machine," a cornerstone for online digital preservation, has experienced a significant data breach. A threat actor compromised the website and stole an authentication database containing 31 million unique records. The breach was first made public through a JavaScript alert displayed on the compromised archive.org website.


Hackers Announce the Breach

On Wednesday, visitors to the Internet Archive were greeted with an unexpected and unsettling message. A JavaScript alert created by the hacker stated, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” The message hinted that the stolen data would soon be added to Have I Been Pwned (HIBP), a data breach notification service.

The term “HIBP” refers to the platform where users can check if their email addresses have been part of any known data breaches. Created by cybersecurity expert Troy Hunt, HIBP has become a critical tool for monitoring personal data exposure.

What Data Was Stolen?

According to Hunt, the threat actor shared the Internet Archive’s stolen user authentication database with him nine days before the breach went public. The database, a 6.4GB SQL file titled "ia_users.sql," contained:

  • Email addresses
  • Screen names
  • Password change timestamps
  • Bcrypt-hashed passwords (salted one-way hashes, not reversible encryption)
  • Other internal user data

The most recent timestamp in the stolen records is from September 28, 2024, which is likely when the database was exfiltrated. There are 31 million unique email addresses in the compromised database, many of which are registered with the HIBP service.

Breach Confirmed by Cybersecurity Experts

Hunt confirmed the authenticity of the breach after contacting several individuals whose data appeared in the leaked database. One of these individuals was cybersecurity researcher Scott Helme, who verified that his data, including a bcrypt-hashed password, matched the one stored in his password manager. Helme permitted BleepingComputer to share his record as further proof of the legitimacy of the stolen data.

Internet Archive's Response and Ongoing Attacks

Internet Archive founder Brewster Kahle took to social media platform X (formerly Twitter) to acknowledge the breach. Kahle confirmed that the hacker exploited a vulnerability in a JavaScript library to deface the website and display the hacker’s message to visitors.

In his update, Kahle wrote: “What we know: DDoS attacked—fended off for now; defacement of our website via JS library; breach of usernames, emails, and salted-encrypted passwords.”

He added that the compromised JavaScript library had been disabled, the systems were being scrubbed, and security upgrades were in progress. However, just hours later, DDoS (Distributed Denial of Service) attacks resumed, affecting the availability of both archive.org and openlibrary.org.

BlackMeta Hacktivist Group Claims DDoS Attack

While the breach has not been definitively linked to the DDoS attacks, the BlackMeta hacktivist group has claimed responsibility for the DDoS assaults. In a tweet, the group warned that more attacks would follow. The extent of BlackMeta’s involvement in the data breach itself remains unclear.

What Can You Do?

If you have an account with the Internet Archive, it’s crucial to take immediate action to secure your data:

  1. Check Have I Been Pwned – Soon, the stolen data will be added to HIBP, where users can check if their email address was part of the breach.
  2. Change Your Password – If you had an account with the Internet Archive, update your password immediately. Ensure that your new password is unique and not reused across other platforms.
  3. Enable Two-Factor Authentication (2FA) – Where possible, turn on 2FA for an added layer of security on your online accounts.

What's Next for the Internet Archive?

As the Internet Archive continues to fend off attacks and recover from this significant breach, its users remain at risk. The attack highlights the vulnerabilities that even large, trusted platforms face in today’s cybersecurity landscape.

For now, it is vital to stay alert for any phishing attempts or suspicious activities related to this breach. This incident serves as a reminder to always maintain strong, unique passwords and use services like HIBP to stay informed about data exposure.


Source: bleepingcomputer.com
