The Internet Archive, renowned for its Wayback Machine, has fallen victim to a significant data breach, exposing user information from over 31 million accounts. This incident has sparked widespread concern among users of the platform, many of whom now wonder whether their personal details have been compromised.
A hacker posted a disturbing message, alerting users to the breach with a JavaScript alert on the website. The message bluntly stated, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
What Information Was Stolen?
The stolen data includes sensitive information such as user email addresses, screen names, Bcrypt-hashed passwords, and timestamps related to password changes. The breach was confirmed by Troy Hunt, creator of the popular website Have I Been Pwned (HIBP). He disclosed that the stolen data came in the form of a large 6.4GB SQL file named “ia_users.sql,” which contained personal details from millions of Internet Archive users.
The most recent timestamp in the data file suggests the breach occurred on September 28th, 2024. Users are advised to monitor HIBP closely as their information may soon be added to its database, allowing them to check whether they were among the victims of this breach.
Security Researcher Confirms Data Authenticity
To demonstrate the seriousness of the breach, security researcher Scott Helme shared a record from the hacked database with BleepingComputer, confirming that the details in the stolen SQL file matched his personal data. The bcrypt-hashed password in the leaked file corresponded to the one stored in his password manager, and the timestamps also aligned with the date of his last password change. This served as further evidence of the breach’s authenticity and scope.
Internet Archive’s Response
Brewster Kahle, founder of the Internet Archive, responded publicly via X (formerly Twitter), providing an update on the situation. According to Kahle, the Internet Archive had been simultaneously targeted by a DDoS attack, which they successfully fended off, and had their website defaced through a compromised JavaScript library. He confirmed the breach, explaining that usernames, email addresses, and bcrypt-encrypted passwords were exposed.
To mitigate the impact, Kahle explained that the Internet Archive has disabled the compromised JavaScript library, is scrubbing its systems, and is working on upgrading its security protocols. While the data breach and DDoS attack are not directly related, they have compounded the security challenges faced by the organization.
What Should You Do?
If you’re an Internet Archive user, it’s essential to take immediate action to protect your account and personal information. Start by changing your Internet Archive password as soon as possible. If you’ve reused that password on other platforms (though it’s always recommended to use unique passwords), be sure to change those as well.
Even though the breach didn’t include payment information or social security numbers, it’s still wise to consider using one of the best identity theft protection services to monitor your personal information. This extra layer of security can help ensure that any stolen data doesn’t result in further risks down the line.
