The Internet Archive Attacked By DDoS, With Hackers Compromising Its Millions Of Registered Accounts

The Internet Archive may not be the first place people visit when attempting to browse the web.

But it's certainly one of the first destinations for whoever wish to see what the web was. The Internet Archive, with its Wayback Machine, is like the time machine of the internet.

By recording pretty much everything the web has to give since its first founding by Brewster Kahle, the website is a massive trove of valuable information.

The Internet Archive

And this time, the website has been attacked by a DDoS that crippled its system, and was defaced with a pop up to inform visitors of what happened.

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"
The Internet Archive

The hackers who compromised the website, used a JavaScript library to show the message on the defaced website.

In response to this, HIBP, or the Have I Been Pwned, a website that allows Internet users to check whether their personal data has been compromised by data breaches, confirmed of the hack and breach.

It said that 54% of the accounts were already in its database from previous breaches, meaning that out of the 31 million accounts' credentials the hackers have stolen, some 14 million accounts are new.

Its creator, Troy Hunt, added details of the timeline of the breach on his own X account.

He said that he received a heads up from someone about this on 30 September.

But he only got the chance to look at it on 5 October, since he was traveling, and that he didn't immediately grasp its importance.

After taking a closer look and realized the gravity of the situation, Hunt contacted someone at the Internet Archive and shared the data, informing them that HIBP's goal was to have it uploaded to its website within 72 hours.

On 7 October, an employee of the Internet Archive confirmed the receipt of the data, and the next day, on 8 October, Hunt advised that HIBP would proceed with uploading the data.

However, on October 9th, as the upload was still taking place, the Internet Archive was defaced and hit with a DDoS attack.

[block:block=87]

Hunt said that the hackers shared the Internet Archive's authentication database, worth 6.4GB SQL file named ia_users.sql.

The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

The most recent timestamp on the stolen records is 18 September 2024, which is likely when the database was stolen.

Jason Scott, an archivist and software curator at the Internet Archive, also confirmed that the site was experiencing a DDoS attack.

On the social media Mastodon, he shared in a post that "according to their twitter, they’re doing it just to do it. Just because they can. No statement, no idea, no demands."

Later that day, in the evening, Brewster Kahle also confirmed the breach in a post on his X account.

Kahle said that the Internet Archive has disabled the malicious JavaScript library, and scrubbed the system to find any other potential issues.

He also said that the Internet Archive is upgrading security to prevent a similar thing from happening again.

The website was disabled during the overall process, in which access to the website redirected visitors to the website's X account.

When the website is put back online, it was initially slow and sluggish, before things return back to normal.