The Internet Archive, a US Based Non Profit best known for the WayBack Machine, has been compromised massive cyber attack.
The breach revealed usernames, email addresses, and encrypted passwords. Alongside there there was also a massive Distributed Denial of Service (DDOS) attack in progress. It has not been confirmed if the two security incidents are linked however it is highly likely that this targeted attack was carried out by the same threat actor or hacking group.
The threat was made clear by the cybercriminal through a JavaScript alert popup that was displayed to visitors on the site which read:
"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"
HIBP refers to ‘Have I Been Pwned’, a website that collects and analyzes information from data breaches to help users identify if their information has been leaked.
Troy Hunt, founder of the Have I Been Pwned confirmed that the threat actor has shared the 6.4GB database with them. The information contained included email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other data of more than 31 million users.
Read: LEGO Hacked In Crypto Scam Cyber Attack
It has not yet been confirmed how the hackers gained access but the BlackMeta hacktivist group have claimed responsibility and threatened further attacks.
Internet Archive founder Brewster Kahle confirmed on update through a post on X: “What we know: DDOS attack—fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it.” “Scrubbing systems” refer to services that offer DDoS attack protection by filtering malicious junk traffic so it can't deluge and disrupt a website.”
Following another wave of DDOS attacks the Internet Archive has been taken offline, with the team behind the non profit prioritizing keeping the data archive safe rather than publicly accessible.
What is the Internet Archive?
The Internet Archive is a nonprofit organization focussed on preserving digital materials from the web, including websites, books, films, and software.
It provides a massive library of digital content that is freely accessible. The Archive's mission is to provide a universal access to all knowledge.
It is best known for the Wayback Machine, is a digital archive of the World Wide Web. It allows users to easily search for and view historical snapshots of websites, capturing how they looked at various points in time. As the internet evolves so quickly, it is a vital resource for historians and researchers.
Why has the Internet Archive Been Targeted?
The Internet Archive is a powerful non-profit digital library. This makes it a valuable resource for researchers and historians interested in studying the evolution of the internet. However, this also makes it a prime target for those who want to censor or erase information that was previously public.
The Internet Archive has also been accused of bias in its preservation efforts. This has led to criticism from some groups who believe that the Archive is not preserving content in a neutral manner.
Read: Star Health Insurance Data Breach Jeopardizes Patient Information
The archives of digitized books and other materials has led to legal disputes over copyright infringement. Some publishers and authors have argued that the Archive's practices violate their intellectual property rights.
What To Do If Your Data Has Been Leaked in the Internet Archive Cyber Attack?
Having sensitive personal data leaked can be distressing, you can check if your data has appeared in the Internet Archive cyberattack by checking You’ve Been Pwned. If your data does appear in the breach you can take steps to reduce the impact.
Update passwords for all online accounts that may have been compromised, including email, social media, and online banking. Use strong, unique passwords for each account and enable multi-factor authentication.
Keep an eye on your bank and credit card statements for any unusual activity. Report any suspicious transactions immediately and consider freezing your credit.
Be aware that your information being compromised may make you a target for social engineering and phishing scams. These scams often involve impersonating trusted individuals or organizations using information they already have about you to convince you to hand over money or further details. Remain skeptical of anyone asking you for information.
