Internet Archive Hacked: Data of 31 Million Accounts Stolen

The Internet Archive, home of the renowned “Wayback Machine,” has experienced a significant data breach affecting over 31 million users. The breach came to light on October 9, 2024, when a threat actor compromised the site and publicly displayed a JavaScript alert, mocking the platform's security and alerting users to the breach.

The stolen data, which includes email addresses, usernames, and Bcrypt-hashed passwords, was shared with the Have I Been Pwned (HIBP) breach notification service, where users can now check if their information was exposed.

The breach reportedly occurred on September 28, 2024, when hackers stole a 6.4GB SQL file named ia_users.sql, containing sensitive user authentication data. The data was confirmed legitimate by cybersecurity expert Troy Hunt, the founder of HIBP, after reaching out to affected users. One of the users contacted, researcher Scott Helme, confirmed that the hashed password in the database matched the one he had stored in his password manager, further validating the authenticity of the breach.

In total, the compromised database exposed 31 million unique email addresses, over half of which had already been registered with HIBP from prior incidents. The stolen data includes:

• Email addresses
• Usernames (screen names)
• Bcrypt-hashed passwords
• Other internal metadata like password change timestamps

While it remains unclear how the attackers initially gained access to the Internet Archive's systems, the breach followed a DDoS attack against the site, which was claimed by the hacktivist group BlackMeta. The group has also threatened further attacks.

In response, Brewster Kahle, the founder of the Internet Archive, downplayed the incident as primarily a DDoS attack and a defacement of the site via a compromised JavaScript library. He assured users that steps have been taken to disable the malicious script, scrub the systems, and enhance overall security.

What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.

What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.

Will share more as we know it.

— Brewster Kahle (@brewster_kahle) October 10, 2024

However, at the time of reporting, the Internet Archive had not provided any detailed comment on the breach or how it unfolded.

The Internet Archive, established in 1996, is a vital resource that stores billions of web pages and digital content, including historical versions of websites, through its Wayback Machine. With a global user base and a mission to provide universal access to knowledge, the breach of such a platform could have wide-reaching consequences, as users from academia, journalism, and research rely on its services.

In light of the breach, users are advised to take precautionary steps, including resetting their passwords, enabling 2FA where the option is available, and remain vigilant for phishing attempts.