
Irish Information Security Forum

Internet Archive Data Breach & DDoS attack.

Release Date:  09 October 2024

 

The Internet Archive, a non-profit digital library renowned for its "Wayback Machine," is currently under DDoS attack and is down. A significant data breach was also reported yesterday.


The reported data breach indicated that the personal information of approximately 31 million users was compromised. Visitors to archive.org yesterday morning (9th October 2024) were greeted with a JavaScript alert created by the hacker, informing them of the data breach. The breach occurred some time before September 30, 2024, when Troy Hunt, the creator of HIBP, received the stolen data.

The pop-up message hack did not last long, being replaced with a message saying the site was temporarily down, before becoming totally unavailable due to an ongoing DDoS attack.

 


 

The compromised data included email addresses, screen names, and bcrypt-hashed passwords stored in a 6.4GB SQL file named "ia_users.sql".  The stolen data was shared with the "Have I Been Pwned" (HIBP) service, which notifies users if their information has been compromised. The exact method used by the attackers to gain access to the database has not been publicly disclosed.

 

Have I Been Pwned (HIBP) is a free service created by Troy Hunt, a well-known security expert.  When you enter your email address into the HIBP website, it searches a database of known breaches and informs you if your information has been exposed.


 

 

DDoS Attack ongoing

 

The Internet Archive organization has been working to address the vulnerabilities and notify affected users, but it also faces ongoing Distributed Denial of Service (DDoS) attacks, further complicating its efforts to secure the site. The website is still unavailable at the time of writing (10th October 2024).

 

Russia-based hacking group SN_BLACKMETA has claimed responsibility for the ongoing DDoS attacks in its own posts on X.

 

“The Internet Archive has and is suffering from a devastating attack. We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down.”

 


 

In May, the same group took the Archive offline, posting to X at the time: “We decided to take down all your online services and resources that include millions of PDF files, Footage, Saved Website History, and on top of that completely disabling your any users from accessing your files.” No motive or demand seems to be in play or publicly expressed, other than an apparent dislike of Archive.org.

 

Brewster Kahle, chair of Internet Archive’s board, posted on X and Mastodon:

 

“What we know: DDOS attack – fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.  What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.”

 


 

 


 

 
