A Critical Moment for Digital Preservation: The Internet Archive’s Struggle

By -

Internet Archive's "The Wayback Machine" suffered a major data breach, after hackers gained access to the website and stole a user authentication database containing 31 million unique records.

News of the breach started to spread on Wednesday afternoon when visitors to the archive.org website saw a JavaScript alert, claiming that the internet archive was hacked.


About the Internet Archive

The Internet Archive is a nonprofit digital library founded in 1996, aiming to provide universal access to knowledge. It hosts a vast collection of books, websites, music, videos, and software. Its most notable tool, the "The Wayback Machine", allows users to view archived versions of websites. The Archive preserves cultural history by digitising and storing content, making it an essential resource for researchers, historians, and the public.


Details of the Breach

"HIBP" refers to "Have I Been Pwned", a data breach notification service created by Troy Hunt, where hackers often share stolen data. Troy confirmed that the threat actor behind the Internet Archive breach shared the site's authentication database nine days ago. The stolen file, named "ia_users.sql," is a 6.4GB SQL file containing data like email addresses, screen names, Bcrypt-hashed passwords, and other internal information.


JavaScript alert shown on Archive.org
JavaScript alert shown on Archive.org


The most recent timestamp on the stolen records is from September 28th, 2024, which likely indicates when the database was taken. It contains 31 million unique email addresses, many of which are already subscribed to HIBP's service. This data has been added to HIBP, allowing users to check if their email was affected by the breach.

 

 

Verification and Disclosure

Troy Hunt verified the authenticity of the breach by contacting users from the stolen database. Among them was cybersecurity researcher "Scott Helme", who confirmed that the "Bcrypt-hashed password" in the stolen data matched the one stored in his password manager. Helme also verified that the timestamp in the database matched the date when he last changed the password in his password manager.

​​​​​​​Password manager entry for archive.org
Password manager entry for archive.org
Source: Scott Helme


Internet Archive's Response

"Brewster Kahle", the founder of the Internet Archive, confirmed the data breach. Kahle shared an update stating that hackers used a compromised "JavaScript library" to display alerts on the site. He also mentioned that the site had faced "DDoS attacks" that were briefly fended off.



Kahle’s status update provided an overview of the situation:  
- The website was defaced using a JavaScript library.
- Usernames, emails, and salted-encrypted passwords were stolen.
- The compromised JavaScript library was disabled, and the system is undergoing scrubbing and security upgrades.


DDoS Attacks and Hacktivist Claims


Shortly after addressing the data breach, the Internet Archive faced "renewed DDoS attacks", taking both "archive.org" and "openlibrary.org" offline. The "BlackMeta hacktivist group" claimed responsibility for these attacks, stating that more disruptions were planned.

Although the Internet Archive is dealing with both a data breach and DDoS attacks, it is not believed that the two incidents are connected.

SN_BlackMeta tweet



Zendesk System Breach


In a further complication, the Internet Archive experienced another breach yesterday, with hackers gaining access to their "Zendesk support email system". The Archive is working to contain this new security threat.

 

The Internet Archive breach highlights the growing threat to digital security and serves as a strong reminder to the importance of cybersecurity measures, even for trusted, longstanding institutions. 

As data breaches become more frequent and increasingly sophisticated, organisations need to continuously review and enhance their security infrastructure to safeguard sensitive user information.

Users should take immediate steps like changing passwords and enabling multi-factor authentication to protect their data.

 


At Robust IT, we recommend organisations regularly update security protocols and train staff to prevent similar incidents. For professionals looking to strengthen their cybersecurity skills, our certifications, such as CompTIA Security+ and Certified Ethical Hacker, are essential for staying ahead and safe from emerging threats.

Comments

Post a Comment

Popular posts from this blog

Navigating the Future of Software Development: Choosing Your Path with Traditional, DevOps, and NoOps

By -
Image
     In the ever-evolving realm of software development, finding the right path is key to success. Traditional methods, DevOps, and NoOps represent distinct routes to creating robust software solutions. As we delve into these approaches, it becomes evident that learning cloud computing services is an essential aspect of modern software development. Robust IT, a leading learning institute, empowers you to master cloud services like Azure and AWS, coupled with AI and machine learning. Let's explore how these methodologies intersect and why embracing cloud technology is crucial for your IT career. Image sources from: ByteByteGo Traditional SDLC: The Familiar Waterfall Traditional software development, akin to a waterfall, flows through sequential phases—planning, design, development, testing, deployment, and maintenance. While offering stability and predictability, the traditional SDLC can be slow and inflexible. Changes in one phase may cascade challenges downstream, making it less a
Read more

Transforming Futures: Leverage UK Immigration Shifts with Robust IT's Expert Training

By -
Image
In the midst of significant changes to the UK's immigration landscape, there's a silver lining for individuals seeking new career horizons, particularly in the dynamic field of Information Technology (IT). The recent announcement by the Home Secretary to slash migration levels brings with it a unique opportunity for those looking to embrace a career change, and Robust IT stands as your gateway to success in the IT industry. Seizing Career Opportunities in IT As the government introduces measures to redefine immigration policies, the Information Technology sector emerges as a beacon of opportunity. The demand for skilled professionals in areas such as Cyber security, Cloud Computing, and Data Science remains steadfast. This presents an ideal moment for individuals to explore new possibilities and embark on a rewarding journey in the world of IT. Why Choose IT? Information Technology is not just a sector; it's a realm of constant innovation, where skilled individuals play a p
Read more

Transformational Power of AI and tools to increase your productivity.

By -
Image
Image generated via DALL-E 3 In recent years, artificial intelligence (AI) has garnered significant attention, and rightfully so. AI has the potential to revolutionize various aspects of our lives, making them more efficient, accessible, and impactful. While concerns have been raised about AI, including its use in government decision-making and the potential for discrimination, it's essential to recognize the transformative and positive impact AI can have on the world. In this blog, we'll explore the ways in which AI can change the world for the better. 1. Healthcare Advancements AI is poised to make ground-breaking strides in the field of healthcare. From improving diagnosis accuracy to streamlining patient care, AI has the potential to save lives and reduce the burden on healthcare systems. Medical professionals can use AI algorithms to analyse complex medical data, aiding in early disease detection and personalized treatment plans. In addition, AI-driven tele-medicine platfo
Read more