The Internet Archive and Wayback Machine went down on Tuesday following a sustained cyber attack. In addition, the Archive’s user data has been compromised. If you’ve ever logged into the site to pore over its ample archives, it’s time to change your passwords.
On October 8, it was obvious something was wrong. “DDOS on a Tuesday? Last time it was a Monday,” Internet Archive founder Brewster Kahle said in a post on X. On Tuesday, things had gotten worse. The site was down and someone had defaced it. Pulling up the site prompted a JavaScript alert.
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” The little alert said.
“HIBP” is Have I Been Pwned, a website where you can check an email address against data breaches to see if it’s been compromised. In a post on X, HIBP said that 54% of the emails contained in the IA breach were in the database before this latest breach occurred.
HIBP founder Troy Hunt told BleepingComputer that the hackers shared the Internet Archive’s authentication database with him 10 days ago. The SQL file contained email addresses, screen names, password change timestamps, and Bcrypt-hashed passwords of the Archive’s registered users.
In a post on X, Hunt described the timeline of events.
Let me share more on the chronology of this:
30 Sep: Someone sends me the breach, but I’m travelling and didn’t realise the significance
5 Oct: I get a chance to look at it – whoa!
6 Oct: I get in contact with someone at IA and send the data, advising it’s our goal to load…— Troy Hunt (@troyhunt) October 9, 2024
Kahle followed up on October 9. “What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords,” he said in a post on X. “What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.”
The next morning, the Archive was back offline. “Sorry, but DDOS folks are back and knocked archive.org and openlibrary.org offline,” Kahle said in a follow-up post on X. “[Archive] is being cautious and prioritizing keeping data safe at the expense of service availability.”
A pro-Palestenian hacktivist group called SN_BLACKMETA has taken responsibility for the hack on X and Telegram. “They are under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of ‘Israel,’” the group said on X when someone asked them why they’d gone after the Archive.
The group elaborated on its reasoning in a now-deleted post on X. Jason Scott, an archivist at the Archive, screenshotted it and shared it. “Everyone calls this organization ‘non-profit’, but if its roots are truly in the United States, as we believe, then every ‘free’ service they offer bleeds millions of lives. Foreign nations are not carrying their values beyond their borders. Many petty children are crying in the comments and most of those comments are from a group of Zionist bots and fake accounts,” the post said.
SN_BLACKMETA also claimed responsibility for a six-day DDoS attack on the Archive back in May. “Since the attacks began on Sunday, the DDoS intrusion has been launching tens of thousands of fake information requests per second. The source of the attack is unknown,” Chris Freeland, Director of Library Services at the Archive said in a post about the attacks back in May.
SN_BLACKMETA launched its Telegram channel on November 23 and has claimed responsibility for a number of other attacks including a six-day DDoS run at Arab financial institutions and various attacks on Israeli tech companies in the spring.
It’s been a hard year for the Internet Archive. In July, the site went down due to “environmental factors” during a major heat wave in the U.S. Last month it lost an appeal in the lawsuit Hachette and other major publishers launched against it.
“If our patrons around the globe think this latest situation is upsetting, then they should be very worried about what the publishing and recording industries have in mind,” Kahle said in a post about the DDoS attack in May. “I think they are trying to destroy this library entirely and hobble all libraries everywhere. But just as we’re resisting the DDoS attack, we appreciate all the support in pushing back on this unjust litigation against our library and others.”
The Internet Archive did not return Gizmodo’s request for comment.
Trending Products
LG UltraGear QHD 27-Inch Gaming Monitor 27GL83A-B – IPS 1ms (GtG), with HDR 10 Compatibility, NVIDIA G-SYNC, and AMD FreeSync, 144Hz, Black
Acer Nitro 27″ WQHD 2560 x 1440 PC Gaming IPS Monitor | AMD FreeSync Premium Up to 180Hz Refresh 0.5ms DCI-P3 95% 1 Display Port 1.2 & 2 HDMI 2.0 XV271U M3bmiiprx,Black
Lenovo 15.6″ FHD Laptop, Intel Pentium N6000 Quad-core Processor, 16GB Memory, 1TB SSD Storage, Ethernet Port, HDMI, USB-C, WiFi & Bluetooth, Windows 11 Home, WOWPC USB Bundle
