The Internet Archive, a key player in digital preservation, was hacked, leading to a significant data breach affecting 31 million users. Founder Brewster Kahle confirmed the incident, which involved the defacement of the site with a JavaScript pop-up alert warning visitors of the breach.
The pop-up message raised concerns about the Archive's security, stating, 'Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!' This referred to the platform 'Have I Been Pwned?' where users can check if their personal data has been compromised.
Troy Hunt, the operator of HIBP, revealed that he received a file containing internal data, including email addresses and hashed passwords, nine days before the breach. He confirmed the leak's legitimacy by cross-referencing it with user accounts, noting that 54% of those affected had already been compromised in prior breaches.
In addition to the data breach, the Internet Archive also faced a Distributed Denial-of-Service (DDoS) attack, which hampered its operations and intermittently took the site offline. Jason Scott, an archivist at the Archive, remarked on social media that the DDoS attack seemed purposeless, suggesting the attackers acted 'just because they can.'
The breach has raised alarms about the security of sensitive information stored by the Internet Archive, especially given its role in safeguarding both public and private data. The leaked information dates back to 2020, with the most recent data recorded just days before the attack.
Cybersecurity researcher Scott Helme confirmed his account was part of the breach, validating the incident's authenticity by matching his hashed password with the leaked data.