On Wednesday afternoon, the Internet Archive suffered a significant Distributed Denial-of-Service (DDoS) attack, which led to a major outage and rendered the service offline by Thursday. Brewster Kahle, the founder and digital librarian of the Internet Archive, confirmed that this attack not only disrupted access but also caused a serious security breach, exposing sensitive information from over 31 million user accounts.
A post on X stated that the platform experienced a "defacement of our website" alongside the breach that revealed usernames, email addresses, and bcrypt password hashes for more than 31 million users. This breach raises serious concerns about user privacy and the integrity of data, especially considering the Internet Archive's role in preserving historical web pages, books, and other media.
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.— Brewster Kahle (@brewster_kahle) October 10, 2024
Without the Internet Archive, so much would become lost.
We're not talking about only lost media either, actual pieces of HISTORY would become lost forever.
The moment the Internet Archive comes back, we have to support this website more than we ever have. pic.twitter.com/cg6Cb2zuPj — Lost Media Busters (@LostMediaBuster) October 10, 2024
The defacement involved hackers injecting a provocative message into the Internet Archive's site, which read: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!" This message not only taunted users but also directed attention to "Have I Been Pwned" (HIBP), a platform that informs individuals if their account details have been compromised in data breaches.
Following the attack, HIBP confirmed the breach, noting the theft of 31 million records from Internet Archive users. This alarming revelation highlights the vulnerabilities faced not just by the Internet Archive but by all digital platforms that manage sensitive information.
Internet Archive situation in a nutshell https://t.co/9BrTQHo0CY pic.twitter.com/JqEDElfZns — IVV (@IVVisgreat) October 10, 2024
As investigations continue, concerns about cybersecurity take center stage. DDoS attacks can flood a server with traffic, rendering it inoperable, while data breaches expose personal information, putting users at risk of identity theft and fraud. The Internet Archive’s mission to provide access to historical content has been overshadowed by this security crisis, prompting urgent questions about how digital platforms can better protect user data in an increasingly hostile online environment.
In light of this breach, users are strongly encouraged to change their passwords and monitor their accounts for any unusual activity. The Internet Archive has reiterated its commitment to enhancing security measures and restoring services, but this incident serves as a stark reminder of the ongoing challenges organizations face in maintaining cybersecurity.
🚨BREAKING🚨: The Internet Archive's contents haven't been affected/stolen/removed by the numerous recent hacks.
The Internet Archive will RETURN once internal systems are upgraded! https://t.co/aDqPa40V3X pic.twitter.com/XWiGbKH7Qj — Lost Media Busters (@LostMediaBuster) October 10, 2024
As the digital landscape evolves, ensuring the security of user data remains a critical priority for all online services. The Internet Archive’s experience underscores the need for robust security protocols and continuous vigilance against cyber threats, reminding us all of the importance of safeguarding our digital lives.
SEE ALSO: Xiaomi's New Patent Reveals Plans For Detachable Foldable Device