Tom’s Guide
Dave LeClair

31 million users impacted by Internet Archive data breach — what we know

Internet Archive had its popular Wayback Machine hit by a massive data breach in which a user authentication database containing 31 million unique records was stolen. This is a big deal for anyone who has an account on the popular website.

The hacker created a JavaScript alert message claiming they had stolen user data and that it would show up on Have I Been Pwned (HIBP). The message reads, "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"

As for what data the hacker got, Troy Hunt, the creator of HIBP, told BleepingComputer that Internet Archive user email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data were included in the large 6.4GB SQL file named "ia_users.sql."

The most recent timestamp in the data is September 28th, 2024, which is likely the date the hacker got their hands on the data.

If you're curious about whether your information was stolen, it'll be added to HIBP in the near future. You can enter your email address on the site and see if you were among the 31 million people impacted by this breach (or other hacks).

Interestingly, security researcher Scott Helme actually allowed BleepingComputer to publish his entry in the hacked database. Here's what it looks like:

9887370, internetarchive@scotthelme.co.uk,$2a$10$Bho2e2ptPnFRJyJKIn5BiehIDiEwhjfMZFVRM9fRCarKXkemA3PxuScottHelme,2020-06-25,2020-06-25,internetarchive@scotthelme.co.uk,2020-06-25 13:22:52.7608520,\N0\N\N@scotthelme\N\N\N

Helme said that the bcrypt-hashed password in the record matched the bcrypt-hashed password in his password manager, and the timestamp in the database record matched the date when he last changed the password.

For its part, Internet Archive founder Brewster Kahle finally spoke up, posting on X about the situation. Kahle said, "What we know: DDOS attacked-fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords."

Kahle also spoke about what the company has done to deal with the issue: "What we've done: Disabled the JS library, scrubbing systems, upgrading security."

Based on this information, it seems the Internet Archive is facing a data breach and DDoS attacks simultaneously, though the two attacks aren't connected.

What should you do?

If this data breach has impacted you, the first thing you should do is change your password to ensure malicious individuals can't get into your Internet Archive account. If you use the same password on other services (which we don't recommend), you'll want to change the password on other services that use it, too.

Even though this hack doesn't include payment information or social security numbers, you'll still want to check out one of the best identity theft protection services to ensure that your name is protected.
