THE Internet Archive fell victim to a major cyberattack in fall 2024, along with its digital library and Wayback Machine.
The data of millions of users has been compromised — here’s everything you need to know about the attack, plus how to stay safe online.
The data of 31million people was stolen during the Internet Archive breach[/caption]
How the Internet Archive Data breach happened
The incident began on October 9, 2024, when a malicious JavaScript pop-up appeared on the Internet Archive website, alerting visitors to a security breach potentially affecting 31million users.
The message read: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
The message not only indicated that the breach had taken place, but also directed users to Have I Been Pwned (HIBP) — a site where individuals can check if their email addresses and passwords have been compromised in data breaches.
This coincided with distributed denial-of-service (DDoS) assaults that began on October 8, aimed at disrupting the Internet Archive’s website and servers, while also rendering the Wayback Machine inaccessible.
The Wayback Machine
The Wayback Machine is a digital archive of the World Wide Web, operated by the Internet Archive, a nonprofit organization based in San Francisco.
Established in 1996 and publicly launched in 2001, it enables users to access archived versions of websites, effectively allowing them to “travel back in time” to see how web pages appeared at various points in history.
The Internet Archive Data breach
Troy Hunt, founder of Have I Been Pwned (HIBP), confirmed that the attack occurred in September, exposing 31 million email addresses, usernames, bcrypt password hashes, and other internal system data.
The stolen database, a 6.4GB SQL file named ‘ia_users.sql’ contained records up to September 28, 2024.
Internet Archive Data breach details
The cyberattack involved multiple components:
- Data breach: Compromising user information
- Website defacement: Through a JavaScript library exploit
- Distributed Denial-of-Service (DDoS) attacks: Rendering services like the Wayback Machine inaccessible
Brewster Kahle, the Internet Archive’s founder, acknowledged the breach and outlined the organization’s response.
He wrote on X/Twitter: “What we know: DDoS attack — fended off for now; defacement of our website via JS library; breach of usernames / email / salted-encrypted passwords.
“What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.”
Claimed responsibility
A ‘hacktivist’ group called SN_BlackMeta claimed responsibility for the DDoS attacks.
The group, linked to pro-Palestinian movements, stated their attack lasted five hours and targeted the Archive due to perceived connections with the US.
Protect yourself from phishing
The breach exposed 31 million unique email addresses, screen names and bcrypt-hashed passwords.
Bcrypt is an adaptive cryptographic hash function specifically designed for securely hashing passwords.
Password hashing is the process of transforming a plaintext password into a fixed-size string of characters — called a hash — using a mathematical algorithm.
While bcrypt is a strong encryption algorithm, users are advised to change their passwords, especially if reused across platforms.
The Internet Archive is currently working to restore services and enhance security measures.
Kahle stated: “We are working to restore services as quickly and safely as possible.”
Affected users should:
- Change passwords, particularly if reused on other platforms
- Avoid downloading or interacting with files from the Internet Archive until the organization declares the breach resolved
