Internet Archive Data Breach: Hackers Respond to User Support Tickets

The Internet Archive continues to grapple with a significant security breach, as hackers maintain access to support tickets and user email addresses. Alarmingly, they are now sending replies to these support inquiries, adding further complications to the ongoing crisis.


Internet Archive Under Attack: A Timeline of Events

The Internet Archive, home to the renowned Wayback Machine, has confirmed a data breach alongside a series of Distributed Denial-of-Service (DDoS) attacks. These issues have led to a difficult period for the non-profit, which was previously targeted in May. The site recently went offline again on October 15, transitioning to a read-only state with no updates possible. This mode could continue as the organization hinted at possible further maintenance shutdowns.

While the data breach and the DDoS attacks appear unrelated, their simultaneous occurrence raises eyebrows.


Details of the Data Breach

The data breach first came to light through a report by Bleeping Computer. A threat actor compromised the Internet Archive's user authentication database, resulting in a major leak of 31 million unique records. The stolen data, which includes email addresses, screen names, password change timestamps, and bcrypt-hashed passwords, was released in a 6.4GB SQL file labeled “ia_users.sql”.


The attacker even went as far as creating a JavaScript alert on the website, publicly announcing the breach. Security researcher Troy Hunt, known for the “Have I Been Pwned” platform, has verified that the leaked data is authentic.

In response, the Internet Archive has taken several measures, including disabling the compromised JavaScript library, conducting thorough system scrubbing, and enhancing their security protocols.


Ongoing DDoS Attacks

Alongside the data breach, the Internet Archive has been battling a DDoS attack, which temporarily took the site offline. A group named SN_Blackmeta claimed responsibility for these attacks. In a confusing message filled with antisemitic language, the group alleged that the archive “belongs to the USA,” and criticized it for perceived geopolitical reasons.


Ironically, the Internet Archive's role as a non-profit, dedicated to preserving information for all, has been disrupted by this attack. Numerous resources hosted on the site—including those related to global historical and cultural content—are now inaccessible due to the disruptions.


Legal Troubles Compound the Situation

Beyond these cyberattacks, the Internet Archive has been facing legal setbacks. Last month, a US Court of Appeals ruled against the organization in a copyright case, upholding an earlier ruling that one of the Archive’s book digitization initiatives violated copyright law. This case, Hachette v. Internet Archive, challenged the Archive’s claim that its practices were protected under the fair use doctrine.


The lawsuit stemmed from the Archive's "National Emergency Library" (NEL), launched during the COVID-19 pandemic to provide digital access to books amid widespread library closures. While the project aimed to aid students, researchers, and readers, it faced criticism for temporarily lifting the limit that ensured only one user could borrow a digital copy of a book at a time. The limit was reinstated later, but the legal challenge persisted.

Additionally, the Archive is embroiled in a separate $400 million lawsuit filed by several music labels over copyright issues. This legal battle poses a severe financial threat, with the potential to bankrupt the organization.


A Critical Moment for the Internet Archive

The recent data breach and DDoS attacks come at a precarious time for the Internet Archive. As it navigates security challenges and legal disputes, the non-profit's mission to preserve and provide access to digital information is under strain.


The organization is working to regain control of its systems and bolster security measures, but the hackers' ongoing access to user data remains a serious concern. Meanwhile, users and supporters of the Internet Archive are left in a state of uncertainty, waiting for the outcome of these concurrent crises.


For users who may have been affected by the breach, it's recommended to stay vigilant about potential phishing attempts and monitor their accounts for unusual activity. As the situation develops, the Internet Archive's response will be crucial in rebuilding trust and ensuring the safety of its digital library.


What Happened?

The Internet Archive, home of the Wayback Machine, has faced a significant data breach alongside Distributed Denial-of-Service (DDoS) attacks, leading to serious disruptions. The breach came to light when a threat actor accessed and stole a user authentication database, exposing 31 million records, including email addresses, screen names, and bcrypt-hashed passwords. This stolen data was leaked online in a 6.4GB SQL file. To announce the attack, the hackers even placed a JavaScript alert on the Internet Archive website.


Simultaneously, the Archive faced a DDoS attack that temporarily took the site offline. A group named SN_Blackmeta claimed responsibility, citing confusing and antisemitic motives for their actions. These incidents are not only impacting the Archive's operations but also hindering access to valuable historical and cultural information hosted on the platform.


What is the Current Situation?

As of October 21, the hackers still have access to the Internet Archive's support ticketing system and the email addresses of users who submitted inquiries. They are now sending replies to these support tickets, raising concerns about further exploitation of the data. The site, which was taken offline on October 15, remains in read-only mode as a precaution, with no updates possible for users. The Internet Archive has confirmed the data breach, disabled the compromised JavaScript library, and is working to secure its systems.


The DDoS attacks, which initially took the site offline, have been mitigated for now, but the Archive remains cautious about further disruptions. Meanwhile, the organization is also facing legal challenges, including a recent ruling against its digital book lending practices and a looming lawsuit from music labels seeking $400 million in damages, which could threaten its financial stability.


What Can Be Done Going Forward to Address This?

To address the immediate threat of the data breach and prevent further exploitation, the Internet Archive needs to prioritize enhancing its cybersecurity measures. This could include:


  1. Strengthening System Security: Implementing advanced monitoring systems, multi-factor authentication, and encryption protocols can help prevent similar breaches in the future.

  2. User Communication and Support: The organization should keep affected users informed about potential risks, advise them to change passwords, and remain vigilant against phishing attempts or suspicious emails.

  3. Collaborating with Security Experts: Working closely with cybersecurity professionals can help identify and address vulnerabilities, and improve the Archive’s resilience against further DDoS attacks.

  4. Legal Strategy and Community Support: To mitigate legal risks, the Internet Archive should continue to fight for its digital lending rights while also seeking community and donor support. This could help sustain its operations and maintain its mission of providing open access to information.


By addressing these areas, the Internet Archive can aim to restore user trust and reinforce its role as a critical resource for digital preservation and access.
