Internet Archive had its popular Wayback Machine hit with a massive data breach that saw a user authentication database with 31 million unique records stolen. This is a big deal for anyone who has an account on the popular website.
The hacker made a JavaScript message alert claiming they stole user data and that it would show up on Have I Been Pwned (HIBP). The message reads, "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"
As far as what data the hacker got, Troy Hunt, the creator of HIBP, told BleepingComputer that Internet Archive user email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data were included in the large 6.4GB SQL file named "ia_users.sql."
The most recent timestamp in the data is September 28th, 2024, which is likely the date the hacker got their hands on the data.
If you're curious about whether your information was stolen, it'll be added to HIBP in the near future. You can enter your email address on the site and see if you were among the 31 million people impacted by this breach (or other hacks).
Interestingly, security researcher Scott Helme actually allowed BleepingComputer to publish his entry in the hacked database. Here's what it looks like:
9887370, internetarchive@scotthelme.co.uk,$2a$10$Bho2e2ptPnFRJyJKIn5BiehIDiEwhjfMZFVRM9fRCarKXkemA3PxuScottHelme,2020-06-25,2020-06-25,internetarchive@scotthelme.co.uk,2020-06-25 13:22:52.7608520,\N0\N\N@scotthelme\N\N\N
Helme said that the bcrypt-hashed password in the record matched the brcrypt-hashed password in his password manager, and the timestamp in the database record matched the date when he last changed the password.
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.Will share more as we know it.October 10, 2024
For its part, the Internet Archive's founder Brewster Kahle finally spoke up, with the company's founder posting on X about the situation. Kahle said, "What we know: DDOS attacked-fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords."
Kahle also spoke about what the company has done to deal with the issue: "What we've done: Disabled the JS library, scrubbing systems, upgrading security."
Based on this information, it seems the Internet Archive is facing a data breach and DDoS attacks simultaneously, though the two attacks aren't connected.
What should you do?
If this data breach has impacted you, the first thing you should do is change your password to ensure malicious individuals can't get into your Internet Archive account. If you use the same password on other services (which we don't recommend), you'll want to change the password on other services that use it, too.
Even though this hack doesn't include payment information or social security numbers, you'll still want to check out one of the best identity theft protection services to ensure that your name is protected.