Hackers have launched a cyberattack on the Internet’s history weeks before Kamala Harris and Donald Trump will face off in the US presidential election.
The Internet Archive, a non-profit which operates the Wayback Machine, became the target of a data breach on Thursday.
Details of at least 31 million people were compromised as a result, including their email addresses, screen names and passwords.
An account on X under the name SN_BlackMeta has claimed responsibility for the attack and implied that further action is planned.
The Internet Archive is known for its digital library and the Wayback Machine.
The first clue that something had gone wrong came from the service itself as the display of a JavaScript alert popped up for visitors to the archive.org site.
It read: ‘Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach?
‘It just happened. See 31 million of you on HIBP!’
The breach was accompanied by a series of Distributed Denial-of-Service (DDoS) attacks that temporarily took down the organisation’s website, archive.org.
The Internet Archive services are still offline, including Wayback Machine which is also inaccessible right now.
Troy Hunt, the founder of the Have I Been Pwned data breach notification service referenced in the hacker’s note, told Bleeping Computer, that the threat actor had shared a 6.4GB database with them some days ago.
It contains authentication information for registered members, including emails, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.
It was hours later that the Internet Archive finally confirmed the incident.
Brewster Kahle, digital librarian at the organisation, posted on X: ‘What we know: DDoS attack – fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
‘What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it.’
In an update late last night, he apologised for the disruption, but said that data has not been corrupted.
‘Services are currently stopped to upgrade internal systems. We are working to restore services as quickly and safely as possible,’ he added.
.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.