Archive.org, a world-famous archive of the entire Internet, suffered a huge data breach. The website was defaced with a message from the hackers saying that the site was badly secured and that user data would soon be available on the Have I Been Pwned service. The service has already confirmed receiving the leak, with as much as 6.4GB of database uploaded to HIBP.
Internet Archive’s Wayback Machine Hacked, User Data Stolen
On October 9, 2024, the website of the Wayback Machine service, archive.org, run by the Internet Archive organization, went offline and then came back in a defaced form. Hackers who managed to break into the website’s infrastructure wiped the usual contents and placed a JavaScript pop-up stating the following:
Unfortunately, the attacker did not leave any other information about how and why they hacked the service. The website is down at the moment, even without the aforementioned JS pop-up, which suggests that the Internet Archive has potentially regained control over the system. At the same time, the Have I Been Pwned service already reports receiving a huge database that allegedly consists of Internet Archive data.
After briefly browsing through this fresh upload, independent security researchers confirmed that it is genuine and really is a database from Archive.org. Scott Helme, one of the investigators, shared his exposed record with BleepingComputer. The password hash (this lengthy mess of letters and numbers) corresponds to the one he used on the website, and the other data also appears correct.
9887370, [email protected],$2a$10$Bho2e2ptPnFRJyJKIn5BiehIDiEwhjfMZFVRM9fRCarKXkemA3PxuScottHelme,2020-06-25,2020-06-25,[email protected],2020-06-25 13:22:52.7608520,\N0\N\N@scotthelme\N\N\N
Overall, the breach does not contain any sensitive information, primarily because the service itself does not keep or ask for any. The main contents of the leaked database are emails, usernames and password hashes. That is not much for the hackers to exploit, so the fuss is mostly about the huge number of affected users and the worldwide fame of the Archive.org service.
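The `$2a$10$` prefix in the record above marks the password field as a bcrypt string with a cost factor of 10. The following is an added example, not part of the original article: it parses that format from a constructed sample record (the e-mail, hash characters and username are made up), and the minimum cost of 12 is an assumed policy value.

```python
import re

# bcrypt modular crypt format: $<version>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

# Assumed policy value for this example, not a figure from the article.
MIN_COST = 12

# Constructed sample in the same layout as the record above; all values are made up.
SAMPLE_RECORD = (
    "1234567,user@example.invalid,$2a$10$"
    + "A" * 22 + "B" * 31
    + "SampleUser,2020-06-25,2020-06-25"
)


def parse_bcrypt(text):
    """Locate the first bcrypt string in `text` and split it into its parts.

    The salt and digest have fixed lengths, so the match ends at the right
    place even when the next field runs on without a delimiter.
    """
    m = BCRYPT_RE.search(text)
    if m is None:
        return None
    version, cost, salt, digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:  # bcrypt only defines costs 4..31
        return None
    return {
        "version": version,
        "cost": cost,
        "rounds": 2 ** cost,  # key-expansion iterations
        "salt": salt,
        "digest": digest,
        "rest": text[m.end():].lstrip(","),
        "needs_rehash": cost < MIN_COST,
    }


if __name__ == "__main__":
    info = parse_bcrypt(SAMPLE_RECORD)
    print(info["version"], info["cost"], info["rounds"], info["needs_rehash"])
    print("text after the hash:", info["rest"])
```

A service operator can use the `needs_rehash` flag to re-hash stored passwords at a higher cost on the user's next successful login.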
DDoS Attack of Wayback Machine
Aside from the massive impact of the attackers’ activity, the website also suffered from the SN_Blackmeta hacktivists. They launched a DDoS attack on the Internet Archive’s servers, making the site completely inaccessible for quite some time. The hackers boasted about this in their X/Twitter publication.
The motivation behind the DDoS attacks and the hacking of the system is not clear, at least to me. As a non-profit company, the Internet Archive is unlikely to have an overwhelming amount of money, sufficient for establishing reliable cybersecurity protection. This same reason ruins any suggestion of a ransom demand for non-disclosure of the hack.
Archive.org Gives No Answer
Despite the massive number of affected users, the Internet Archive has not come out with any comments about the situation or its further steps. And this is hard to explain by saying it is too soon to say anything: the security breach allegedly happened in late September, with the latest records in the database dated September 28, 2024. They should have been aware of the issue for quite some time now, and considering the number of people exposed in that attack, the response should have been immediate.
For people who have accounts on Archive.org, the best solution is to track HIBP website updates. HIBP has already said that it received the leaked info and is ready to index it and make it publicly available. With a search by either a username or an email address, you will find out exactly what information was exposed in your case.