The Internet Archive on Wednesday suffered a major data breach, exposing the personal data of 31 million users. The attack compromised email addresses, screen names, and encrypted passwords, prompting cybersecurity experts to urge users to change their passwords immediately. The breach has raised concerns about data privacy and the security of the popular digital library, best known for its Wayback Machine.
The attack, which surfaced on October 9, revealed the details of millions of users after a JavaScript (JS) library on the Internet Archive's website was exploited. A pop-up message on the site alerted visitors, stating: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"
This message referred to the service Have I Been Pwned? (HIBP), which helps users determine if their data has been compromised in a breach.
The database, which has been shared with cybersecurity experts, contained email addresses, screen names, passwords, and other internal data for 31 million unique email addresses. Troy Hunt, founder of Have I Been Pwned?, confirmed receiving a 6.4 GB database file from the attackers. Mr Hunt also noted that over half of the email addresses had already appeared in previous data breaches.
Internet Archive's Response
Brewster Kahle, the founder of the Internet Archive, acknowledged the breach and the ongoing Distributed Denial-of-Service (DDoS) attacks affecting the platform. In a post on X (formerly Twitter), Mr Kahle wrote: "What we know: DDOS attack fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we've done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it."
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
What we've done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.
Despite the initial efforts to fend off the attack, the Internet Archive's website, archive.org, and its Wayback Machine have been intermittently inaccessible. The organisation has been scrubbing its systems and upgrading security as a response to the breach.
Behind The Breach
The account "SN_BlackMeta" claimed responsibility for the DDoS attacks. The group stated that their campaign lasted five hours and that they were launching "highly successful attacks."
SN_BlackMeta has been previously linked to attacks on Middle Eastern financial institutions and is associated with pro-Palestinian hacktivist movements.
In an X post, the group mentioned, "The Internet Archive has and is suffering from a devastating attack. We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down."
A community note attached to this post added context, stating: "This group claims they took down the Internet Archive because it 'belongs to the USA ... who support Israel,' which is not true. The Archive is not the US government; it is a nonprofit that includes many resources about Palestine, which we can't now access because of this attack."