Internet Archive Hacked: 31 Million Passwords Stolen and Wayback Machine Hit by DDoS Attack
Massive Cyberattack Hits Internet Archive, Compromising 31 Million User Accounts and Disrupting Services with DDoS Attack

The Internet Archive, which runs the popular Wayback Machine, has fallen victim to a major cyberattack that has raised alarms throughout the online community. Hackers have managed to steal 31 million user passwords while launching a massive Distributed Denial of Service (DDoS) attack on the platform, which has made it difficult for people to access the site. Although it's not entirely clear if both attacks are connected, early evidence suggests that a single group could be behind them.
The First Signs of Trouble
The first indication that something was wrong came from the Internet Archive itself. Visitors to archive.org were met with a pop-up message that read, "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"
The message referenced the data breach notification service Have I Been Pwned (HIBP), which informs users when their personal data has been exposed. Troy Hunt, the founder of HIBP, confirmed that he received a 6.4GB database from the hackers a few days before the attack became public. This database, which appears to be authentic, contains email addresses, screen names, password change timestamps, and Bcrypt-hashed passwords of 31 million registered users of the Internet Archive.
When Did the Breach Happen?
According to Hunt, the last entry in the stolen database is dated September 18, 2024, giving some insight into when the breach likely occurred. Soon, this data will be added to the HIBP service, allowing users to check if their personal information was compromised in the attack.

What Experts Are Saying
Several cybersecurity experts have weighed in on the situation. Jason Meller, vice president of product at 1Password and a former security strategist at Mandiant, explained that the attack seems to have penetrated deeply into the Internet Archive’s infrastructure. "The fact that the attackers defaced the website and knocked it offline suggests they’ve gained significant control over both the back-end infrastructure and the network layer," Meller said.
Jake Moore, a global cybersecurity advisor with ESET, emphasized the unusual nature of this breach. "Hacking the past is usually technically impossible, but this data breach comes close to it," Moore said. He also pointed out that although the stolen passwords are encrypted, there is still a risk for users. Attackers could potentially cross-reference the encrypted passwords against data from other breaches, so users are strongly advised to ensure that all of their passwords are unique and secure.
The Extent of the Damage
As of now, it appears that the attackers have obtained a significant amount of sensitive data, and they’ve also managed to disrupt the service through DDoS attacks. The Internet Archive has been intermittently knocked offline as a result, affecting millions of users who rely on the Wayback Machine to access old websites and digital content.
Brewster Kahle, the founder of the Internet Archive, took to X (formerly Twitter) to update users on the situation. He confirmed that the site had suffered from a DDoS attack, website defacement through a compromised JavaScript library, and the breach of usernames, email addresses, and encrypted passwords. Kahle assured users that they had disabled the compromised JavaScript library, were in the process of cleaning their systems, and were upgrading their security measures to prevent further attacks.
Possible Motives Behind the Attack
Distributed Denial of Service (DDoS) attacks are often politically motivated, and this case might be no different. Donny Chong, a director at Nexusguard, suggested that the attacks on the Internet Archive might have a political dimension. A pro-Palestinian hacktivist group called Black Meta has claimed responsibility for the DDoS attacks. However, it's still unclear if the same group is behind the data breach, as no group has publicly claimed responsibility for stealing the 31 million user credentials.
While the full extent of the attack is still being assessed, it's clear that this is one of the most significant cybersecurity incidents affecting the Internet Archive to date. Given the amount of data involved and the number of people potentially impacted, this breach could have far-reaching consequences for users who rely on the platform.
What Users Should Do
If you are a registered user of the Internet Archive, it’s crucial to take immediate steps to secure your accounts. Even though the stolen passwords are stored as Bcrypt hashes rather than in plain text, it’s always a good idea to update your passwords after a breach. Make sure that your new passwords are strong, unique, and not reused across different platforms. It’s also recommended to enable two-factor authentication (2FA) wherever possible for added security.
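The following is an added example, not part of the original article. It shows why password reuse matters even when a breach exposes only salted hashes, and how a site operator could find accounts to force-reset by testing each user's stored hash against passwords already leaked elsewhere for the same email. The standard library's scrypt stands in for Bcrypt here, and all names, emails and passwords are constructed.

```python
import hashlib
import hmac
import os

def slow_hash(password: str, salt: bytes) -> bytes:
    # Stand-in for Bcrypt (an assumption of this example): scrypt is also
    # salted and deliberately slow, and ships with the standard library.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**12, r=8, p=1, dklen=32)

def make_record(email: str, password: str) -> dict:
    # What a user table stores: email, a per-user random salt, and the hash.
    salt = os.urandom(16)
    return {"email": email, "salt": salt, "hash": slow_hash(password, salt)}

# Constructed sample user table. Bob and Carol chose the same password.
OUR_USERS = [
    make_record("alice@example.org", "correct-horse-7"),
    make_record("bob@example.org", "Winter2019!"),
    make_record("carol@example.org", "Winter2019!"),
]

# Constructed sample of plaintext passwords exposed for these emails in
# some other, unrelated breach.
OTHER_BREACH = {
    "alice@example.org": ["hunter2"],
    "bob@example.org": ["bob1984", "Winter2019!"],
}

def accounts_to_reset(users: list, breach: dict) -> list:
    """Return emails whose stored hash matches a password leaked elsewhere."""
    flagged = []
    for user in users:
        for candidate in breach.get(user["email"], []):
            # Re-hash the leaked password with THIS user's salt and compare.
            guess = slow_hash(candidate, user["salt"])
            if hmac.compare_digest(guess, user["hash"]):
                flagged.append(user["email"])
                break
    return flagged

if __name__ == "__main__":
    # The per-user salt hides the fact that Bob and Carol share a password...
    print("identical hashes:", OUR_USERS[1]["hash"] == OUR_USERS[2]["hash"])
    # ...but it does not protect Bob, whose password is already known.
    print("force reset for:", accounts_to_reset(OUR_USERS, OTHER_BREACH))
```

Only the reused password is flagged: the salt and the slow hash limit bulk guessing, but a password already exposed elsewhere for the same email is confirmed with a single hash computation.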
This breach serves as a reminder that even organizations focused on preserving the Internet’s history are not immune to cyberattacks. The situation is still developing, and more details are likely to emerge in the coming days. For now, users of the Internet Archive should remain vigilant and take proactive measures to protect their personal information.
Conclusion
The cyberattack on the Internet Archive is a sobering reminder of how vulnerable even the most trusted websites can be. With 31 million passwords stolen and the platform struggling to fend off a DDoS attack, it’s clear that this is a serious security breach. While the Internet Archive works to recover and strengthen its defenses, users are left to deal with the aftermath. As more details come to light, this incident may become a key example of the challenges facing organizations in the digital age.


