Mr Viral
The Internet Archive was recently compromised – the breach leaked the data of 31 million users.
Leaked data includes their usernames, email addresses, and passwords. Circulation began on September 30.
The company has addressed the issue and assured that they are trying their best to mitigate the damage.
The Internet Archive suffered a major data breach that left the data of 31 million users exposed. The news about the breach first started circulating on Wednesday afternoon after users visiting archive.org saw a JavaScript alert created by the hacker.
‘Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!, – The Internet Archive Website
For those who don’t know, HIBP stands for Have I Been Pwned – it’s a data breach notification service where hackers often share stolen data. Troy Hunt, the creator of this service said that although the news has just come to light, the hackers have been circulating the data they stole since September 30.
Hunt did reach out to the platform to start the disclosure process but it hasn’t responded. So he went ahead by himself – finished analyzing the data by October 5 and posted it on his site on October 10.
So, if you have any reason to believe that your data might have been compromised, you can go check it out since the data has been verified and it’s 100% accurate. Hunt contacted some of the users and even talked to cybersecurity researcher Scott Helme before vouching for the authenticity of the data.
About the Stolen Data
The data was shared through a 6.4GB SQL file named “ia_users.sql.”
It contains identifiable information such as usernames, email addresses, password change timestamps, password hashes, and a few other details.
The password hashes are generated with the Bcrypt algorithm.
How easy or difficult they will be to crack depends on the strength of the password. If it’s weak it can be done within minutes but if it’s strong, they might never be able to crack it. How the threat actors managed to compromise the site and steal the data is yet to be known.
What Does the Internet Archive Have to Say About This?
The Internet Archive has been fairly quiet since the news came out. Mostly because along with this data breach, the platform has also been struggling with a series of DDoS attacks for the past few days due to which the site has been offline for most of the time. Even at the time of writing, the site’s offline.
A hacktivist group called BlackMeta has claimed responsibility for these attacks but it’s not believed to be connected to the data breach.
Brewster Kahle, founder of The Internet Archive, has confirmed the attack and assured that they are taking steps to fix it. In an update on X, he also added that so far they have disabled the JS library, and are working on cleaning their systems and upgrading their security.
GIPHY App Key not set. Please check settings