Internet Archive Suffers Major Data Breach and DDoS Attack, Exposing 31 Million Accounts

Philippines – October 10, 2024 – The Internet Archive, a non-profit digital library known for its vast collection of books, movies, and software, has been hit by a coordinated attack, revealing a data breach affecting 31 million accounts. The attack, which included a Distributed Denial of Service (DDoS) attack and website defacement, has left users concerned about the security of their personal information.

Internet Archive DDOS Attack

On Wednesday afternoon, visitors to the Internet Archive’s website (www.archive.org) were greeted with a pop-up message claiming a “catastrophic security breach.” The message directed users to “Have I Been Pwned?” (HIBP), a website that tracks data breaches, suggesting that their personal information had been compromised.

The Internet Archive confirmed the breach later that evening, stating that the website had been defaced through a JavaScript library and that usernames, email addresses, and encrypted passwords had been stolen. The organization also confirmed that they were experiencing a DDoS attack, aimed at overwhelming the website with traffic and making it inaccessible.

Data Leak Confirmed by HIBP

Troy Hunt, the operator of HIBP, confirmed receiving a file containing the leaked data nine days prior to the attack. The file included email addresses, usernames, password change timestamps, and encrypted passwords for 31 million unique email addresses. Hunt stated that 54% of the accounts were already in his database from previous breaches.

The Internet Archive has taken steps to mitigate the situation, including disabling the JavaScript library used for the defacement, scrubbing systems, and upgrading security measures. The organization is working to notify affected users and provide support.

Attacker Claims Responsibility

An account on X (formerly Twitter) called SN_Blackmeta claimed responsibility for the attack and hinted at another attack planned for the following day. This account has previously claimed responsibility for DDoS attacks on the Internet Archive.

Let me share more on the chronology of this:

30 Sep: Someone sends me the breach, but I'm travelling and didn't realise the significance
5 Oct: I get a chance to look at it – whoa!
6 Oct: I get in contact with someone at IA and send the data, advising it's our goal to load…

— Troy Hunt (@troyhunt) October 9, 2024

The attack on the Internet Archive is a significant event, highlighting the vulnerability of online platforms to DDoS attacks and data breaches. The organization plays a crucial role in preserving digital content, and the breach raises concerns about the security of its vast collection.

The Internet Archive is working to recover from this attack and ensure the safety of its users and its valuable collection. The incident serves as a reminder of the importance of strong passwords, two-factor authentication, and vigilant security practices to protect online accounts. The attack also underscores the need for continued investment in cybersecurity to protect critical online resources like the Internet Archive.

Source: Troy Hunts

---

To stay informed about the latest tech news and gadget reviews in the Philippines, we encourage you to follow and subscribe to WazzupTechPH. You can also connect with us through our official social media accounts.  Sharing this news article helps support our ongoing efforts in providing timely and informative reports.