The Internet Archive has been hacked. The data breach resulted in the credentials of 31 million users being stolen.
Good to know: The Internet Archive is a non-profit organization whose purpose is to preserve content that would otherwise be lost forever. Google has started adding links to collections to Google Search.
Internet Archive's Wayback Machine hacked and user data stolen
Users who visited wayback machine Yesterday I was greeted by a message on the website that read: “Have you ever felt like the Internet Archive walks on sticks and is constantly on the verge of experiencing a catastrophic security breach? It just happened. On HIBP you View 31 million out of!
(Image credit: BleepingComputer)
For those unaware, HIBP refers to the popular website, Have I Been Pond. bleepingcomputer Troy Hunt, creator of HIBP, told the blog that the attackers shared the stolen authentication database with the breach notification service nine days ago, the report said.
Internet Archive was informed by Hunt three days ago, but the San Francisco-based nonprofit did not respond. you can visit https://haveibeenpwned.com/ To check if your email address was leaked by the Internet Archive data breach.
The data that has been compromised includes email addresses, usernames, password change timestamps, etc. But, I wouldn't panic right now, I mean reset your password if you want. But it appears that the passwords were not stolen, as the report only mentions that Bcrypt-hashed passwords (one-way salted passwords) were compromised, which was later confirmed by cybersecurity researcher Scott Helme Was.
Still, the number of records stolen is 31 million unique email addresses, so it's a bit disturbing. Actually, this is the right time to explain the importance of using email alias services like Simple Login, Firefox Relay, DuckDuckGo's Email Protection, etc. These services, many of which are free (with optional premium tiers), hide your real email address and give you an alias, thus making you anonymous from spam or hacks. Any emails sent to the alias are sent to the inbox of your real email, without the sender knowing anything about it.
It is unclear how the Internet Archive was breached by the attackers. The website suffered a DDoS attack by the Blackmeta hacktivist group, who claimed that it had been doing so for over 5 hours, and would continue to conduct attacks. For what it's worth, the website looks fine now.
On a side note, the Internet Archive lost its legal battle against Hachette when the US Court of Appeals for the Second Circuit ruled that the Digital Archive violated copyright law. Internet Archive appealed that its lending library adheres to the fair use doctrine which allows copyright infringement in certain scenarios. The court rejected this argument. (via wired,
Here's some context, Internet Archive's National Emergency Library helped many people, including students, during the COVID-19 pandemic when they couldn't access books. They can use Open Library to access scanned versions of physical books. However this raised concerns among publishers, who criticized it as theft of copyrighted material and soon filed a lawsuit against the Internet Archive. Unexpectedly, the Internet Archive lost the case, but the court recognized it as a non-profit operation.
So this data breach means nothing to me. Do you remember when a ransomware gang targeted a hospital? The Internet Archive is a non-profit organization, essentially a public service. What are the hackers trying to prove? If they find the site's security compromised, why not alert them or help fix the problems? Of course, the fact that user data was taken could potentially be used for cross-checking and violating other services. But still, this is an unusual attack as the usual targets are businesses.
Thanks for reading..
