The history of the internet as we know it, aka the Internet Archive, is currently under attack. When users visited the website on October 9, Wednesday, they were greeted by a rather strange popup that gave away the hack. However, the bigger problem is that it has led to the data breach of 31 million Internet Archive users.
The pop-up read, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
For those unaware, HIBP stands for Have I Been Pwned?, a website that lets users in on whether their email addresses have been exposed to data breaches. So, in case your credentials are out there, floating across the darkest corners of the web, you can instantly take measures like using 2FA and changing passwords.
Turns out, the threat actor behind Internet Archive’s DDoS attack is the BlackMeta hacktivist group. Well, at least they claimed so on their official X account. It can’t be taken lightly since this is the same group that notoriously attacked a UAE Bank for almost a week back in July this year. They also alarmed Internet Archive of a second round of attack, with a potential duration of 6 hours.
Anyway, HIBP operator Troy Hunt recently revealed to Bleeping Computer (an information security news publication) that the threat actor behind the data breach had sent over the Internet Archive’s authentication database to him. This was a 6.4GB SQL database file named “ia_users.sql” which, as Hunt stated,
“… contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.”
Hunt also reveals that there were 31 million compromised users’ data, most of whom were already subscribed to HIBP’s data breach notification service. So, this data will allow HIBP to notify these users easily of the breach as soon as it’s added to its database.
However, this was far from being an empty threat, as Hunt reached out to compromised users and cross-checked the leaked information himself. He noted that the bcrypt-hashed password listed in the database matched against the one stored in the password manager of these users.
Alarmingly, the timestamp of the password in the leaked database matched against the date that these users changed their passwords as well.
However, Internet Archive founder Brewster Kale took to X not long after the attack to reveal that the attack has been fended off for now. He also lets us know that this breach was carried out via a defacement of the Internet Archive’s JS library. To get things back to normal, Internet Archive disabled this very library and upgraded its security protocols.
This incident gets those wheels turning and question whether security protocols such as 2FA and authenticator apps are even enough to keep us safe. From popular content creators to big organizations like Internet Archive, they have all had their fill. Moreover, this is not the first time that the Internet Archive has been hacked, with the last DDoS attack having occurred back in May itself.
Well, we certainly wouldn’t want to see a precious portal like this lose its archived data. With that being said, what do you think of the latest attack on the Internet Archive? Cry your heart out in the comments down below!