Internet Archive data breach impacted 31M users

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.”

The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials. As of September 5, 2024, the Internet Archive held more than 42.1 million print materials, 13 million videos, 1.2 million software programs, 14 million audio files, 5 million images, 272,660 concerts, and over 866 billion web pages in its Wayback Machine. Its mission is committing to provide “universal access to all knowledge”.

Internet Archive’s “The Wayback Machine” suffered a data breach, threat actors gained access to a user database containing data of 31 million users.

Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked.

Internet Archive hacked. 31M records breached

The breach exposed user records including email addresses, screen names and bcrypt password hashes.

HIBP permalink: https://t.co/HyvfKCB3pa pic.twitter.com/Oc2Qvrh6Ov

— HackManac (@H4ckManac) October 10, 2024

The threat actors that breached the popular website have shared a copy of the stolen data with the data breach notification service Have I Been Pwned data.

HIBP confirmed that the stolen archive had 31M records, including email address, screen name, bcrypt password hash, and timestamps for password changes. HIBP added that 54% of the stolen record were already in its platform.

Troy Hunt told BleepingComputer that the leaked Internet Archive’s file is a 6.4GB SQL file named “ia_users.sql.”

New breach: Internet Archive had 31M records breached last month including email address, screen name and bcrypt password hash. 54% were already in @haveibeenpwned. Read more: https://t.co/1d9Mxv97Ac

— Have I Been Pwned (@haveibeenpwned) October 9, 2024

Hunt noticed that most recent timestamp on the database records is September 28th, 2024, which is likely the date of the data exfiltration. Hunt will add the information of the impacted users to HIBP very soon.

Hunt also verified the authenticity of the information included in the stolen archive.

The Internet Archive founder, Brewster Kahle, also confirmed that a DDoS attack has brought the website offline several times since Tuesday.

Sorry, but DDOS folks are back and knocked https://t.co/Hk02WjumkL and https://t.co/Xb2ku5dgZs offline. @internetarchive is being cautious and prioritizing keeping data safe at the expense of service availability.

Will share more as we know it.

— Brewster Kahle (@brewster_kahle) October 10, 2024

At this time, the website shows a message informing users that “Internet Archive services are temporarily offline.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Internet Archive)