Internet Archive Hit by Continuous DDoS Attacks and Hacked, Exposing Data of 31 Million Users
Since May 2024, the Internet Archive has been subjected to DDoS attacks by hackers, disrupting normal access. As a non-profit organization, it's unclear what the hackers' motives might be for targeting such an institution.
In September, the Internet Archive continued to face DDoS attacks. Typically, these attacks would only affect access without leading to data loss. However, it's suspected that the DDoS attacks might have been a smokescreen.
According to information shared by the password breach detection platform Have I Been Pwned (HIBP), hackers completed a data breach of the Internet Archive on September 28, leaking the registered email addresses, hashed passwords, and other information of 31 million users.
Hackers often share password-related data with HIBP, allowing users to check if their accounts or passwords have been compromised, while putting pressure on the platforms that had their data leaked.
Notably, the Internet Archive appears to have been unaware of the breach at first: the database extraction was completed on September 28, yet the website began automatically displaying notices that user passwords would be shared with HIBP starting last night.
This notice was not the Internet Archive's own. The hackers produced it by altering the site's JavaScript, which indicates that they not only stole data but had been lurking for over 10 days.
The hackers' motives remain unclear, as no ransom demands have been reported to date. If extortion isn't their goal, it raises questions about their intentions; perhaps the Internet Archive hosted content that the hackers or their employers wanted deleted.
Finally, the Internet Archive does not store sensitive user information. Other than email addresses and passwords (which are stored in its database as salted hashes that cannot be reversed), users are not required to provide any additional information. Therefore, this breach is unlikely to have a significant impact, but users should remain vigilant against potential phishing scams.