Data Breach on Wayback Machine Exposes Personal Information of 31 Million Individuals
The Internet Archive, the non-profit organization behind the Wayback Machine, suffered a data breach on Thursday. The breach exposed the personal details of over 31 million individuals, including email addresses, usernames, and passwords. An account on X, operating under the name SN_BlackMeta, has claimed responsibility for the attack and hinted at plans for further actions, this is yet to be confirmed.
A JavaScript alert popped up for visitors to the archive.org site, It read: ‘Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!’
The term “HIBP” refers to Have I Been Pwned, a data breach notification service created by Troy Hunt. Threat actors often share stolen data with this service to help notify affected users.
Hunt informed BleepingComputer that a threat actor shared the Internet Archive’s authentication database nine days ago. The file, a 6.4GB SQL database titled “ia_users.sql,” contains authentication details of registered users, including email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.
The most recent timestamp on the stolen records is from September 28th, 2024, which is likely when the database was compromised.
Brewster Kahle who works for the affected organisation said ox X (Twitter)
The Internet Archive is a non-profit organization founded in 1996 by Brewster Kahle. Its mission is to provide “universal access to all knowledge” by archiving digital content and making it freely available to the public. The organization is best known for its Wayback Machine, which allows users to access archived versions of websites over time, capturing how they looked and functioned on different dates.
At the time of publication of this post The Internet Archive services are still offline, including Wayback Machine.
Blogger at www.systemtek.co.uk