The nonprofit digital library responsible for the popular Wayback Machine web archive has been under a distributed denial of service (DDoS) attack for days – but the situation appears to have gotten worse.
Internet Archive, a popular online repository of digital and Internet records, reported suffering a “catastrophic security breach.”
The site’s founder, Brewster Kahle, had reported via posts on X that the site had been under heavy DDoS attacks for days, but the attack appears to have reached a new level in recent hours.
Visitors to the site were greeted overnight with an alarming pop-up warning of a serious data breach.
“Have you ever felt like the Internet Archive runs on USB drives and is constantly on the verge of a catastrophic security breach? says the pop-up.
“It just happened. See 31 million of you on HIBP! »
The pop-up – reported by several media outlets and observers – however, no longer appears. Instead, the archive now says it is “temporarily offline” and directs people to the website’s account on X to stay up to date on the situation.
HIBP refers to data breach tracking site Have I Been Pwned, run by Australian security researcher Troy Hunt, which confirmed the breach.
“In September 2024, the Internet Archive’s digital library suffered a data breach that exposed 31 million records,” Hunt said in an update on HIBP, suggesting that the breach itself was s was produced much earlier.
“The breach exposed user records, including email addresses, screen names, and bcrypt password hashes.”
The exact number of exposed accounts is 31,081,179.
Who is responsible?
Russia-based hacker group SN_BLACKMETA has claimed responsibility for ongoing DDoS attacks against its own publications on X.
“The Internet Archive has suffered and is suffering from a devastating attack,” the group said today (October 10).
“We launched several very successful attacks over five long hours and, as of now, all of their systems are completely down.”
Although the group did not specifically claim responsibility for the data breach, it shared a Dark Web Informer article reporting the compromise.
This is not the first time that SN_BLACKMETA – based in Novgorod Oblast, according to its X account – has targeted the Internet Archive. In late May, the group took the archive offline, posting on X the following message: “We have decided to remove all your online services and resources which include millions of PDF files, video footage, website histories saved and, in addition, completely deactivate your archives. users to access your files.
In a post on Mastodon, Internet Archive archivist Jason Scott said there appeared to be no motivation behind the attacks.
“Someone is DDOSing the Internet Archive, so we’ve been down for hours. According to their twitter [now X]they do it just to do it. Quite simply because they can. No statement, no idea, no requirement,” Scott said, before referring to the Archives’ ongoing work to preserve information.
“In the meantime, we have literally saved 400,000 theses from destruction,” Scott added.
“I like our side.”
UPDATED 10/10/24 to add comment from Troy Hunt