Internet Archive data breach impacted 31M users

Pierluigi Paganini October 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.”

The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials. As of September 5, 2024, the Internet Archive held more than 42.1 million print materials, 13 million videos, 1.2 million software programs, 14 million audio files, 5 million images, 272,660 concerts, and over 866 billion web pages in its Wayback Machine. Its mission is committing to provide “universal access to all knowledge”.

Internet Archive’s “The Wayback Machine” suffered a data breach, threat actors gained access to a user database containing data of 31 million users.

Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked.

The threat actors that breached the popular website have shared a copy of the stolen data with the data breach notification service Have I Been Pwned data.

HIBP confirmed that the stolen archive had 31M records, including email address, screen name, bcrypt password hash, and timestamps for password changes. HIBP added that 54% of the stolen record were already in its platform.

Troy Hunt told BleepingComputer that the leaked Internet Archive’s file is a 6.4GB SQL file named “ia_users.sql.”

Hunt noticed that most recent timestamp on the database records is September 28th, 2024, which is likely the date of the data exfiltration. Hunt will add the information of the impacted users to HIBP very soon.

Hunt also verified the authenticity of the information included in the stolen archive.

The Internet Archive founder, Brewster Kahle, also confirmed that a DDoS attack has brought the website offline several times since Tuesday.

At this time, the website shows a message informing users that “Internet Archive services are temporarily offline.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Internet Archive)



you might also like

leave a comment