The Internet Archive, famous for its Wayback Machine, has been the victim of a cyberattack, leaving the personal information of more than 31 million users exposed. The nonprofit organisation, which preserves and archives web pages, now faces a challenging recovery after a serious breach compromised its systems.
The Internet archive has and is suffering from a devastating attack We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down.
— 𝐒𝐍_𝐁𝐋𝐀𝐂𝐊𝐌𝐄𝐓𝐀 (@Sn_darkmeta) October 9, 2024
second round | New attack
09/10/2024 Duration 6 hours… pic.twitter.com/SL9lz4gSld
On October 9, visitors to the Internet Archive's website were met with an unsettling pop-up message alerting them to a security breach. A hacker group, SN_BlackMeta, has claimed responsibility for the attack. They announced their success on the social media platform X (formerly known as Twitter), boasting about a series of “highly successful attacks” on the archive.
This attack exposed key personal data, including email addresses, screen names, and bcrypt-hashed passwords. While the passwords remain encrypted, experts advise caution, as even encrypted information can be exploited if not properly protected.
Troy Hunt, the founder of the data breach notification service Have I Been Pwned, confirmed receiving a database containing information linked to 31 million unique email addresses. This means millions of people's data, who may not even remember ever using the Internet Archive, could now be at risk.
Disruption of services
The Internet Archive's website and its renowned Wayback Machine are still down. This outage couldn't come at a worse time, considering Google recently introduced a feature that integrates Wayback Machine links into its search results. This new feature, rolled out just last month, aimed to make it easier for users to view historical versions of web pages directly from Google's search results.
The timing of the attack not only frustrates users trying to access archived content but could also impact Google's plans, as the integration relies on the availability of the Wayback Machine's services. For many, the outage cuts off access to an essential tool for research, verification, and preservation of digital history.
Response from Internet Archive
Brewster Kahle, founder of the Internet Archive, addressed the breach on X, explaining what had happened and what the team was doing to resolve the situation. His post read:
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
— Brewster Kahle (@brewster_kahle) October 10, 2024
What we've done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.
Kahle's statement highlighted that while the Internet Archive faced multiple layers of attack, including a distributed denial-of-service (DDOS) attack and a breach involving JavaScript (JS) libraries, they are working diligently to fix the problems. However, Kahle also warned users that, despite their efforts, sensitive user data had been exposed. Therefore, users should take precautions, including updating their passwords immediately, to protect their accounts.
Although the Internet Archive team is doing everything possible to restore its services and strengthen its security systems, the full scale of the damage still needs to be determined. The breach could have lasting effects, not only for the organisation but also for the millions of users whose data was compromised.
Why it matters and looking ahead
This cyberattack strikes a significant blow to the Internet Archive, which plays a crucial role in preserving digital history. Since its founding in 1996, the Internet Archive has aimed to provide “universal access to all knowledge,” which is an invaluable resource for researchers, journalists, and the general public.
While the hackers' exact motivations remain unknown, some cybersecurity experts speculate that they may have been searching for specific information or attempting to alter records stored in the archive. Either way, the incident is a stark reminder of the vulnerabilities within digital systems—even those dedicated to safeguarding the world's digital history.
This cyberattack not only compromises user data but also temporarily cuts off access to a vital tool for countless internet users around the globe. As the Internet Archive continues its efforts to recover, all users are advised to change their passwords and remain on the lookout for any signs of misuse of their personal information.
The road to full recovery may take time, but one thing is clear: in today's digital world, even the most trusted platforms are not immune to cyberattacks.
