The Internet Archive and the Wayback Machine went down on Tuesday following an ongoing cyber attack. Additionally, Archive user data has been compromised. If you’ve logged into the site to check your adequate archive, it’s time to change your passwords.
On October 8, it became clear that something was wrong. “DDOS on Tuesday? The last time was on Monday,” said Internet Archive founder Brewster Kahle send to X. On Tuesday, things got worse. The site was down and someone had damaged it. Removing the site triggered a JavaScript warning.
“Have you ever felt like the Internet Archive is running on sticks and constantly vulnerable to catastrophic security breaches? This just happened. See your 31 million in HIBP!” Said the little guard.
“HIBP” is Have I Been Pwned, a website where you can check an email address against a data breach to see if it has been compromised. In a post on X, HIBP said that 54% of emails contained in the IA violation was on the website before this latest violation occurred.
HIBP founder Troy Hunt told BleepingComputer that hackers shared the Internet Archive’s authentication database with him 10 days ago. The SQL file contained email addresses, screen names, password change timestamps, and Bcrypt-hashed passwords of registered users of the Archive.
In a post on X, Hunt explained the timeline of events.
Let me share more in this order:
30 Sep: Someone sends me a violation, but I’m leaving and I didn’t see the value
5 Oct: I get a chance to watch it – wow!
6 Oct: I contact someone at IA and send the data, letting them know that our goal is to load…– Troy Hunt (@troyhunt) October 9, 2024
Kahle followed up on October 9. “What we know: DDOS attack–protected for now; the corruption of our website by the JS library; breach of usernames/email/passwords encrypted with salt,” he said to X. “What we did: Blocked the JS library, scrubbed programs, and improved security.”
The next morning, the Archive was back offline. “Sorry, but the DDOS people are back and knocking archive.org and openlibrary.org offline,” Kahle said in a follow-up post to X.[Archive] monitor and prioritize keeping data safe at the expense of service availability.”
A pro-Palestinian hacktivist group called SN_BLACKMETA has it take responsibility by hacking X and Telegram. “They are being attacked because the warehouse belongs to the USA, and as we all know, this horrible and hypocritical government supports the killing of people by the terrorist state of Israel,” the group told X when someone asked. why they followed the Archive.
The group detailed their thinking in a since-deleted post on X. Jason Scott, archivist at the Archives, screenshot it and share it. “Everyone calls this organization ‘non-profit’, but if its roots are really in the United States, as we believe, then every ‘free’ service they provide bleeds millions of people. Foreign nations do not impose their values beyond their borders. Many young children are crying in the comments and most of those comments are from the Zionist group of bots and fake accounts,” the document said.
SN_BLACKMETA also claimed responsibility for a six-day DDoS attack on the Archive in May. “Since the attack began on Sunday, DDoS intrusions have been launching tens of thousands of disinformation requests per second. The origin of the attack is unknown,” said Chris Freeland, Director of Library Services at the Archive in a post about the attack back in May.
SN_BLACKMETA launched its Telegram channel on November 23 and has claimed responsibility for several other attacks including a six-day DDoS run on Arab financial institutions and various attacks on Israeli technology companies in the spring.
It’s been a rough year for the Internet Archive. In July, the site went down due to “environmental factors” during the extreme heat in the US.
“If our sponsors around the world think this latest situation is offensive, they should be more concerned about what the publishing and recording industries are thinking,” Kahle wrote about the DDoS attack in May. “I think they are trying to destroy this library and mix all the libraries everywhere. But as we fight back against DDoS attacks, we appreciate all the support to reverse this unjust case against our library and others.”
The Internet Archive did not return Gizmodo’s request for comment.
