The Internet Archive Suffers Major Data Breach: 31 Million Users Impacted

Date:

  • The Internet Archive was recently compromised – the breach leaked the data of 31 million users.
  • Leaked data includes their usernames, email addresses, and passwords. Circulation began on September 30.
  • The company has addressed the issue and assured that they are trying their best to mitigate the damage.

The Internet Archive's Data Breached: 31 Million Users Impacted

The Internet Archive suffered a major data breach that left the data of 31 million users exposed. The news about the breach first started circulating on Wednesday afternoon after users visiting archive.org saw a JavaScript alert created by the hacker.

‘Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!, – The Internet Archive Website

For those who don’t know, HIBP stands for Have I Been Pwned – it’s a data breach notification service where hackers often share stolen data. Troy Hunt, the creator of this service said that although the news has just come to light, the hackers have been circulating the data they stole since September 30.

Hunt did reach out to the platform to start the disclosure process but it hasn’t responded. So he went ahead by himself – finished analyzing the data by October 5 and posted it on his site on October 10.

So, if you have any reason to believe that your data might have been compromised, you can go check it out since the data has been verified and it’s 100% accurate. Hunt contacted some of the users and even talked to cybersecurity researcher Scott Helme before vouching for the authenticity of the data.

About the Stolen Data

  • The data was shared through a 6.4GB SQL file named “ia_users.sql.”
  • It contains identifiable information such as usernames, email addresses, password change timestamps, password hashes, and a few other details.
  • The password hashes are generated with the Bcrypt algorithm.

How easy or difficult they will be to crack depends on the strength of the password. If it’s weak it can be done within minutes but if it’s strong, they might never be able to crack it. How the threat actors managed to compromise the site and steal the data is yet to be known.

What Does the Internet Archive Have to Say About This?

The Internet Archive has been fairly quiet since the news came out. Mostly because along with this data breach, the platform has also been struggling with a series of DDoS attacks for the past few days due to which the site has been offline for most of the time. Even at the time of writing, the site’s offline.

A hacktivist group called BlackMeta has claimed responsibility for these attacks but it’s not believed to be connected to the data breach.

Brewster Kahle, founder of The Internet Archive, has confirmed the attack and assured that they are taking steps to fix it. In an update on X, he also added that so far they have disabled the JS library, and are working on cleaning their systems and upgrading their security.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Share post:

Subscribe

Popular

More like this
Related

Discord’s new feature feels a lot like spying. Here’s how to disable it

Image: Discord Discord started off as just a chatroom with...

Malwarebytes Premium Security review: An antimalware staple is now optional

Skip to content Image: Alaina Yee / Foundry At a glanceExpert's...

Only one day left to get this $18 tool that could help you avoid missing project deadlines

Skip to content Image: StackCommerce TL;DR: Microsoft’s leading project management software,...

The original Unreal is free online, Epic Games says it’s fine

Image: Epic Games Game preservation, or lack thereof, is a...