• Perks with a Purpose!

    Introducing Administrata+ and Pro—because supporting your admin journey and our community should go hand in hand.

Internet Archive hacked, data breach impacts 31 million users

Cpvr

Community Explorer
Community Moderator
The Internet Archive’s “Wayback Machine” has experienced a data breach after a hacker infiltrated the site and accessed a database containing 31 million unique user records. News of the incident began spreading on Wednesday, when visitors to archive.org encountered a JavaScript alert left by the hacker, announcing the breach.





The message read: “Ever feel like the Internet Archive is held together by a thread and ready to collapse in a security disaster? Well, it just did. See 31 million of you on HIBP!”





The reference to “HIBP” points to Have I Been Pwned, a data breach alert service founded by cybersecurity expert Troy Hunt. The hacker had shared the stolen Internet Archive database with Hunt nine days prior. The 6.4GB SQL file, named “ia_users.sql,” contains details about the platform’s registered users, including email addresses, screen names, password change records, Bcrypt-hashed passwords, and other internal information.





According to Hunt, the compromised database includes 31 million unique email addresses, with a large number of affected users already registered for breach notifications on HIBP. Once the data is fully processed, users will be able to verify whether their personal information was part of the breach by using the HIBP tool.





To validate the authenticity of the breach, Hunt reached out to individuals listed in the compromised data, including cybersecurity researcher Scott Helme. Helme allowed BleepingComputer to share his exposed record, confirming that the hashed password in the database matched the one stored in his password manager.





Hunt initiated a disclosure process with the Internet Archive three days prior, giving them 72 hours before the data would be added to HIBP. However, no response has been received from the organization.





Details on how the breach occurred or if any additional data was compromised remain unknown. On the same day, the Internet Archive also suffered a DDoS attack, which has since been claimed by the BlackMeta hacktivist group, who have threatened further attacks.

Source:

 
Great looks like my email was part of that leak... Thankfully I use different passwords on my accounts so my other accounts should be fine.
 
I didn't even know you needed to sign up there — for what purpose?

I've only ever used the site to view archived websites to do more research on for domain investing purposes.
 
I didn't even know you needed to sign up there — for what purpose?

I've only ever used the site to view archived websites to do more research on for domain investing purposes.
Same here, I never registered an account either.

Sad to see they breached a website like Archive though. I use it so often, it'd be a shame to see it go. We don't have any alternatives, do we?
 
We don't have any alternatives, do we?
When I search "archive org alternative" on Google it comes up with 21 listings from "sources across the web".

Sadly, people aim to target these useful websites to hack and bring down for no apparent reason. Archive.org is the site I have used to find old ZetaBoards themes to convert to Jcink. It would be a shame if the site ended up going offline.

I don't believe I ever created an account on the site either.
 
That's pretty sad. It's like attacking and stealing from a museum. Who does that? Even if the point was to show how unreliable and flimsy their infrastructure and security is... Don't steal and leak their data, come on...
 
That's pretty sad. It's like attacking and stealing from a museum. Who does that? Even if the point was to show how unreliable and flimsy their infrastructure and security is... Don't steal and leak their data, come on...
Exactly. A website like archive has no harmful intentions, it only helps the user. But anyone who steals data is just a lowlife.
 
Sometimes it's all about the money and selling that data off to companies that would use it to promote their own company or they use the data itself for financial means somehow. But, whether we know hackers' intent or not can be a mystery, as there are other reasons for hacking than financial gain alone, but I imagine that's one of the primary reasons.
 
I didn't think a breach of user data would take down the Wayback Machine. I relied on it so much!

View attachment 134

But reading back on this thread...
News of the incident began spreading on Wednesday, when visitors to archive.org encountered a JavaScript alert left by the hacker,
It only makes sense to take the archive offline for a bit.

They could've inserted malware into the archived pages. They have to ensure that everything is sanitized now.

I hope it won't be off too long.
 

Users who are viewing this thread

Back
Top