The Internet Archive, known for its expansive collection of digital content and historical web snapshots, suffered a significant data breach impacting a whopping 31 million users.
The Internet Archive is a nonprofit organization that provides free access to a vast digital library of websites, software, music, books, and videos. Founded in 1996, It is best known for its Wayback Machine, which stores snapshots of web pages over time, offering a glimpse of the evolution of the internet.
The breach reportedly occurred after a threat actor gained access to the Internet Archive’s website potentially exposing the personal information of millions of users. This reportedly includes usernames, email addresses, hashed passwords, and possibly additional data.
"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!," read a JavaScript alert posted by the hacker on the compromised archive.org site.
There is no indication, as of yet, that financial information or highly sensitive personal details were affected.
The Internet Archive has a massive user base, making it an attractive target for cybercriminals. The large number of accounts suggests that attackers had ample opportunities to exploit any security lapses.
According to security researcher Troy Hunt, who spoke with BleepingComputer about the breach, the most recent timestamp on the stolen records is Sept. 28, 2024, which could pinpoint the date the database was stolen by the threat actor. Hunt also verified the legitimacy of the data contacting users listed in the leaked SQL file named "ia_users.sql”.
The stolen data could still have serious consequences for users, especially if they reuse passwords across multiple sites. Depending on the hashing algorithm used, the hashed passwords could potentially be cracked, giving attackers access to user accounts.
Here are some possible outcomes for affected users:
Upon learning of the breach, the Internet Archive took steps to contain the incident.
Brewster Kahle, group chair and digital librarian at the Internet Archive, posted a statement on X regarding the incident:
“What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it.”
If you’re an Internet Archive user, there are several steps you should take to protect your data:
Pro tip: Use identity protection tools
With Bitdefender Digital Identity Protection, you gain the tools and insights needed to protect your identity and keep your online accounts secure.
By monitoring the dark web, providing real-time alerts, and offering actionable steps to mitigate the risks. Use Bitdefender’s Digital Identity Protection for:
- Instant Alerts: You can immediately react to data breaches and privacy threats and take swift action to prevent damage, such as changing passwords, via one-click action items.
- Real-time monitoring: The service continuously scans the internet and dark web for your personal information. You will receive alerts whenever your data is involved in a breach or leak.
- Peace of mind: This service immediately flags suspicious activity and actively monitors personal information for peace of mind.
- A 360° view of all your personal data: See your digital footprint, including traces from services you no longer use but that still have your data, and even send requests for data removal from service providers.
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024