Massive Breach at Internet Archive's Wayback Machine - Millions of user records compr

[harlan4096]

The Internet Archive has been hacked. The data breach has resulted in the theft of credentials of 31 million users.

Good to know: The Internet Archive is a non-profit organization that aims to preserve content that would otherwise be lost forever. Google's started to add links to the archive in Google Search.

Internet Archive's Wayback Machine hacked, and user data stolen

Users who visited The Wayback Machine yesterday were greeted by a message on the website which read as follows: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!


(Image credit: BleepingComputer)

For those unaware, HIBP refers to the popular website, Have I Been Pawned. BleepingComputer reports that Troy Hunt, who created HIBP told the blog that the attackers had shared the stolen authentication database with the breach notification service 9 days ago.

The Internet Archive was notified 3 days ago by Hunt, by the San Francisco based non-profit did not respond to him. You can visit https://haveibeenpwned.com/ to check if your email address has been leaked by the Internet Archive data breach.

The data that has been compromised includes the email addresses, usernames, password change timestamps, etc. But, I wouldn't panic just yet, I mean reset your password if you want to. But it appears the passwords were not stolen, because the report only mentions Bcrypt-hashed passwords (one-way salted passwords) were compromised, which was later confirmed by cybersecurity researcher Scott Helme.

Still, the stolen records number 31 million unique email addresses, so that is a bit of a bother.  Actually, this is the perfect time to illustrate the importance of using email alias services like Simple Login, Firefox Relay, DuckDuckGo's Email Protection, etc. These services, many of which are free (with optional premium tiers), hide your real email address and give you an alias, thus making you anonymous from spam or hacks. Any emails that are sent to the alias are sent to your real email's inbox, without the sender knowing anything about it.

It is unclear how the Internet Archive was breached by the attackers. The website suffered a DDoS attack by the BlackMeta hacktivist group, which bragged that it had been doing so for over 5 hours, and that it would keep conducting the attacks. For what it's worth, the website seems fine now.

Continue Reading...