Archive.org breach

Archive.org breach

In early October 2024, the Internet Archive, including its popular Wayback Machine, was hit by a significant cyberattack that compromised the personal data of 31 million users. The attackers managed to steal usernames, email addresses, and bcrypt-hashed passwords. The breach also included timestamps related to password changes, indicating when users last updated their credentials.

The breach was discovered after users received an alarming JavaScript alert while visiting archive.org, revealing that their data had been compromised. Alongside this, a 6.4GB database containing sensitive information was shared with Troy Hunt, the founder of Have I Been Pwned, a platform for tracking data breaches.

Additionally, the Internet Archive suffered from Distributed Denial of Service (DDoS) attacks, which temporarily took down their site. These attacks were claimed by the hacktivist group DarkMeta, citing the site’s perceived affiliation with U.S. interests in their pro-Palestinian rhetoric. Despite these claims, the DDoS attacks and data breach appear to be separate incidents​.

 

Brewster Kahle, the founder of the Internet Archive, confirmed the breach and stated that the team is actively upgrading security and scrubbing their systems to prevent further damage​. As the breach unfolds, users are advised to check Have I Been Pwned to see if their data was exposed and to update their passwords if necessary.

Share this content: