The Internet Archive, a non-profit organization known for its massive digital library “The Wayback Machine,” has suffered a major data breach impacting over 31 million users.
The breach was first discovered after visitors to the archive.org website encountered a JavaScript alert from the hacker claiming a successful attack. Stolen user data, including email addresses, usernames, password change timestamps, and bcrypt-hashed passwords, was confirmed by security researcher Troy Hunt, who runs the Have I Been Pwned (HIBP) data breach notification service.
The stolen data file, named “ia_users.sql,” is estimated to be 6.4GB in size. The most recent record timestamp suggests the breach occurred on September 28th, 2024.
Troy Hunt verified the legitimacy of the data by contacting users listed in the database, including cybersecurity expert Scott Helme. Scott confirmed a match between his password stored in a password manager and the bcrypt-hashed password found in the leaked data. Additionally, the timestamp in the leaked data aligned with the date Helme last changed his password.
Troy Hunt attempted to contact the Internet Archive regarding the breach but has not received a response. The organization was previously targeted by a DDoS attack earlier this week, claimed by the BlackMeta hacktivist group. Whether the DDoS attack and the data breach are connected is currently unknown.
The severity of the breach lies in the potential compromise of user passwords. bcrypt hashing makes direct cracking difficult: each hash carries its own random salt, which defeats precomputed “rainbow table” lookups, and its configurable work factor slows down every guess. Attackers could still attempt brute-force or dictionary guessing against the hashes offline, so weak, common, or reused passwords remain at risk of being recovered and used to access accounts.
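To make the bcrypt point concrete, here is an added example (not from the article, and not the Internet Archive's own code) that parses bcrypt hash strings of the kind found in a leaked users table and audits them for the two conditions that would make offline guessing easier: a low cost factor and a salt shared between records. The sample records are constructed for illustration and do not correspond to any real password.

```python
import re
from typing import List, NamedTuple, Tuple

# bcrypt modular-crypt format: $2<v>$<cost>$<22-char salt><31-char digest>
# Salt and digest use bcrypt's own base64 alphabet (./A-Za-z0-9).
BCRYPT_RE = re.compile(
    r"^\$(?P<version>2[abxy]?)\$(?P<cost>\d{2})\$"
    r"(?P<salt>[./A-Za-z0-9]{22})(?P<digest>[./A-Za-z0-9]{31})$"
)

class BcryptRecord(NamedTuple):
    version: str
    cost: int
    salt: str
    digest: str

    @property
    def iterations(self) -> int:
        # bcrypt runs 2**cost rounds of its expensive key schedule per guess,
        # so each +1 on the cost doubles the attacker's work per candidate.
        return 2 ** self.cost

def parse_bcrypt(hash_str: str) -> BcryptRecord:
    """Split a bcrypt string into version, cost, salt and digest."""
    m = BCRYPT_RE.match(hash_str)
    if not m:
        raise ValueError("not a bcrypt hash: %r" % hash_str)
    return BcryptRecord(m["version"], int(m["cost"]), m["salt"], m["digest"])

def audit_hashes(hashes: List[str], min_cost: int = 10) -> List[Tuple[int, str]]:
    """Flag records whose cost is below min_cost or whose salt is reused.

    A reused salt means two users' hashes can be attacked with one
    precomputation, which is exactly what per-record salting prevents.
    """
    findings = []
    first_seen = {}  # salt -> index of the first record that used it
    for i, h in enumerate(hashes):
        rec = parse_bcrypt(h)
        if rec.cost < min_cost:
            findings.append((i, "cost %d below minimum %d" % (rec.cost, min_cost)))
        if rec.salt in first_seen:
            findings.append((i, "salt reused from record %d" % first_seen[rec.salt]))
        else:
            first_seen[rec.salt] = i
    return findings

# Constructed sample records (not real hashes): one healthy, one weak
# with a legacy $2a$ prefix and a duplicated salt, one healthy.
SAMPLE_HASHES = [
    "$2b$12$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234",
    "$2a$05$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234",
    "$2y$10$vutsrqponmlkjihgfedcbaABCDEFGHIJKLMNOPQRSTUVWXYZ01234",
]
```

Running `audit_hashes(SAMPLE_HASHES)` reports only the second record, once for its cost of 5 and once for reusing the first record's salt.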
Here’s what Internet Archive users can do:
- Change your password immediately: Create a strong, unique password for your Internet Archive account and any other account where you might have used the same password.
- Enable two-factor authentication (2FA): If available, activate 2FA on your Internet Archive account to add an extra layer of security.
- Monitor your email for breach notifications: Keep an eye on your inbox for messages from HIBP or the Internet Archive regarding the breach. You can also visit the HIBP website and enter your email address to check if your data was compromised.
The Internet Archive has yet to publicly acknowledge the breach. This incident highlights the importance of strong password management and the need for organizations to prioritize data security.