The reported data breach indicated personal information of approx 31 million users compromised. Visitors to archive.org yesterday morning (9th October 2024) were greeted with a JavaScript alert created by the hacker, informing them of the data breach. The breach occurred some time before September 30, 2024 when Troy Hunt, the creator of HIBP, received the stolen data.
The pop-up message hack did not last long, being replaced with a message saying the site was temporarily down, before becoming totally unavailable due to an ongoing DDoS attack.
The compromised data included email addresses, screen names, and bcrypt-hashed passwords stored in a 6.4GB SQL file named "ia_users.sql". The stolen data was shared with the "Have I Been Pwned" (HIBP) service, which notifies users if their information has been compromised. The exact method used by the attackers to gain access to the database has not been publicly disclosed.
Have I Been Pwned (HIBP) is a free service created by Troy Hunt, a well-known security expert. When you enter your email address into the HIBP website, it searches a database of known breaches and informs you if your information has been exposed.
The Internet Archive organization has been working to address the vulnerabilities and notify affected users, but is also faced ongoing Distributed Denial of Service (DDoS) attacks, further complicating their efforts to secure the site. The website is still unavailable at the time of writing (10th October 2024).
Russia-based hacking group SN_BLACKMETA has claimed responsibility for the ongoing DDoS attacks on its own posts on X.
“The Internet Archive has and is suffering from a devastating attack. We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down.”
In May, the same group took the Archive offline, posting to X at the time: “We decided to take down all your online services and resources that include millions of PDF files, Footage, Saved Website History, and on top of that completely disabling your any users from accessing your files.” No motive, or demand seem to be inplay or publically expressed, other than an apparent dislike of Archive.org
Brewster Kahle, chair of Internet Archive’s board, posted on X,and Mastodon:
“What we know: DDOS attack – fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.”
References
HIPB
x.com
mastadon.com
theverge.com
arstechnica.com
techcrunch.com
bleepingcomputer.com
siliconrepublic.com
winbuzzer.com
If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:
By email:
secretary@iisf.ie
By post:
David Cahill
Information Security
GPO, 1-117
D01 F5P2
Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland
Invitations for Annual Sponsorship of IISF has now reopened.
Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more