The Internet Archive, which is the host of the Wayback Machine, was compromised at unprecedented scales. Threat actors behind the attack reportedly stole 31 million passwords.
The crime had left the organization and the users in complete limbo through the massive DDoS attacks. The two incidents may not be connected with each other, but the levels of evidence point toward malicious origin being common.
Unveiling the Hack: How It All Happened
When Bleeping Computer noticed an unusual JavaScript alert whenever someone visited archive.org, it already knew that something was wrong with the online time machine.
"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!" ," the alert reads.
One of the founders of Have I Been Pwned (HIBP) data breach notification service, Troy Hunt, revealed to the publication that a hacker shared a database of 6.4 GB taken from the Internet Archive, which contained information such as email addresses, usernames, the timestamp for when a user changes their passwords, and Bcrypt-hashed passwords.
Since the last timestamp when the database was found was on Sept. 18, Hunt believes that it's the date when the hack happened.
What Users Should Do After Internet Archive Breach?
With 31 million records now compromised, Hunt aims to add them to the HIBP service so users can check whether their data has been exposed.
A cybersecurity expert, Jason Meller, confirmed that it seems the attackers exfiltrated the database of Internet Archive, meaning they could obtain control over its back-end infrastructure. Moreover, website defacement indicates that the attackers have some degree of control over the content served to users.
In another statement, Jake Moore, security consultant at ESE said that it may be technically impossible to hack the past, but hijacking the Internet Archive is the closest thing we've been here so far.
The Internet Archive, he said, should remind users to keep unique passwords because even encrypted ones can be cross-referenced against previous uses.
Response from the Internet Archive
Brewster Kahle, a digital librarian, and the Internet Archive's group chair addressed the situation on X.
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
— Brewster Kahle (@brewster_kahle) October 10, 2024
What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.
Motives of Hack Unknown, But Political Motives Possible
Forbes reports that politics is another significant motive for DDoS attacks, and the current scenario is not an exception.
According to Nexusguard director Donny Chong, a hacktivist group called Black Meta, which apparently claims to be advocating for pro-Palestinian causes, has supposedly claimed responsibility for a DDoS attack, but one does not know whether it was the source behind the data breach.
Related Article: Internet Archive Adds Thousands Of MS-DOS Games
