Internet Archive user info stolen in cyberattack, succumbs to DDoS

31M folks' usernames, email addresses, salted-encrypted passwords now out there

The Internet Archive had a bad day on the infosec front, after being DDoSed and having had its user account data stolen in a security breach.

On Wednesday afternoon US time the outfit’s digital librarian Brewster Kahle revealed a DDoS attack had made the site unavailable. The Register understands the maliciously caused outage may have lasted up to five hours.

While that was happening, data leak notification service Have I Been Pwned (HIBP) shared news of a cyberattack in which information on 31,081,179 archive user accounts appears to have been pilfered or accessed by one or more miscreants.

That info includes contact details and hashed passwords.

Register staff received mails from HIBP that state: “The breach exposed user records including email addresses, screen names and bcrypt password hashes.”

Kahle later confirmed the theft of the data, adding the service suffered a “defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.”

Meaning someone was able to swipe the user records, and use a poisoned library to display this message to visitors: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened."

The org has disabled the vandalized JavaScript library, and is “scrubbing systems, upgrading security.”

Kahle offered no detail beyond that but promised to “share more as we know it.”

It is unclear if the DDoS and security breach are linked.

The Register sought comment from the online archive but had not received a response at the time of publication.

The two incidents continue an unhappy 2024 for the Internet Archive, which has lost a case regarding its right to lend digital assets, gone offline due to power failures, and endured other disruptive DDoS events. ®
