The Internet Archive (archive.org) has become the target of a sustained cyber attack, leaving users and cybersecurity experts on alert.
The popular digital library, known for its Wayback Machine and vast collection of archived web content, has grappled with a series of disruptions that began with a Distributed Denial of Service (DDoS) attack and escalated to claims of a potential security breach.
DDoS Attack Confirmed
Jason Scott, an archivist and software curator at the Internet Archive, confirmed via Mastodon that the site was experiencing a DDoS attack.
Brewster Kahle, Digital Librarian at the Internet Archive, tweeted about the DDoS attack.
— Internet Archive (@internetarchive) October 8, 2024
Today, the situation became more alarming when visitors to archive.org encountered a pop-up message claiming a "catastrophic security breach." The message, which appeared to mimic a security alert, stated:
"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"
The alert message was displayed only for a short time; after that, the main site was replaced with a placeholder message stating, "Internet Archive services are temporarily offline," directing visitors to their X (formerly Twitter) account for updates.
An account on the X platform, handle @Sn_darkmeta, has claimed responsibility for the DDoS attack. Disturbingly, this account has also hinted at plans for another attack, potentially escalating the situation.
The Internet archive has and is suffering from a devastating attack We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down.
— 𝐒𝐍_𝐁𝐋𝐀𝐂𝐊𝐌𝐄𝐓𝐀 (@Sn_darkmeta) October 9, 2024
second round | New attack
09/10/2024 Duration 6 hours… pic.twitter.com/SL9lz4gSld
However, Brewster Kahle just tweeted that the website is still under DDoS attack.
Yesterday's DDOS attack on @internetarchive repeated today. We are working to bring https://t.co/Hk02WjumkL back online.
— Brewster Kahle (@brewster_kahle) October 9, 2024
Internet Archive Hack Confirmed
Troy Hunt, the owner of HIBP, has confirmed the data breach of the Internet Archive.
Hi folks, yes, I'm aware of this. I've been in communication with the Internet Archive over the last few days re the data breach, didn't know the site was defaced until people started flagging it with me just now. More soon. https://t.co/uRROXX1CF9
— Troy Hunt (@troyhunt) October 9, 2024
Hunt said that the threat actor had shared the Internet Archive's authentication database nine days ago, as a 6.4GB SQL file named ia_users.sql. Hunt confirms that there are 31 million unique email addresses in the database.
The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.
Update 1 -
It seems it was caused by a possible supply-chain “attack” involving the polyfill.archive.org subdomain (archive.is):
https://polyfill.archive.org/v3/polyfill.min.js?features=fetch%2CIntersectionObserver%2CResizeObserver%2CglobalThis%2CElement.prototype.getAttributeNames%2CString.prototype.startsWith%2CArray.prototype.flat%2CURL%2CURLSearchParams
The above polyfill URL (subdomain), serving malicious code, returns:
alert('Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!')
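A defender-side check for the kind of script tampering described in Update 1, as an added example that is not from the original post or the Internet Archive's own code: it compares a fetched script body against a digest pinned from a trusted build and flags browser dialog calls, which a polyfill bundle has no reason to contain. The function names, the baseline bundle and the tampered body are assumptions constructed for illustration.

```javascript
// Added example (not from the original post). Sample script bodies are constructed.
const { createHash } = require("crypto");

// SRI-style digest: "sha384-" + base64(SHA-384(body)), the format browsers
// verify when a <script> tag carries an integrity="" attribute.
function sriDigest(body) {
  return "sha384-" + createHash("sha384").update(body, "utf8").digest("base64");
}

// Heuristic only: a polyfill bundle should never open a browser dialog,
// so any alert()/confirm()/prompt() call is flagged for human review.
const DIALOG_CALL = /\b(alert|confirm|prompt)\s*\(/;

// Compare a fetched body with the digest pinned at deploy time.
// `pinned` (hypothetical parameter) is the value recorded from a trusted build.
function checkScript(body, pinned) {
  const actual = sriDigest(body);
  const findings = [];
  if (actual !== pinned) findings.push("digest-mismatch");
  if (DIALOG_CALL.test(body)) findings.push("dialog-call");
  return { ok: findings.length === 0, actual, findings };
}

// Constructed baseline: a stand-in for a known-good polyfill bundle.
const KNOWN_GOOD =
  "(function(self){if(!self.globalThis){self.globalThis=self;}})(this);";
const PINNED = sriDigest(KNOWN_GOOD);

// Constructed tampered response, shaped like the alert() payload quoted above.
const TAMPERED = "alert('constructed defacement message')";

// Report both cases when run directly with Node.
for (const [label, body] of [["baseline", KNOWN_GOOD], ["tampered", TAMPERED]]) {
  const result = checkScript(body, PINNED);
  console.log(label, result.ok ? "OK" : "ALERT: " + result.findings.join(", "));
}
```

Polyfill.io-style services can vary their output by User-Agent, so a monitor built on this check needs one pinned digest per URL and User-Agent it requests.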
Update 2 - Updated the post with the confirmation from Troy Hunt (HIBP).