Internet Archive Hacked - 31 Million Users Impacted

Web Archive Hacked

The Internet Archive (archive.org) has become the target of a sustained cyber attack, leaving users and cybersecurity experts on alert. 

The popular digital library, known for its Wayback Machine and vast collection of archived web content, has grappled with a series of disruptions that began with a Distributed Denial of Service (DDoS) attack and escalated to claims of a potential security breach.

DDoS Attack Confirmed

Jason Scott, an archivist and software curator at the Internet Archive, confirmed via Mastodon that the site was experiencing a DDoS attack. 

Brewster Kahle, Digital Librarian at the Internet Archive, tweeted about the DDoS attack. 

Today, the situation became more alarming when visitors to archive.org encountered a pop-up message claiming a "catastrophic security breach." The message, which appeared to mimic a security alert, stated:

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"

HIBP stands for Have I Been Pwned?, a well-known database for checking whether personal information has been compromised in data breaches. However, it's crucial to note that at the time of reporting, there was no confirmation of an actual data breach from official Internet Archive sources.

The alert message appeared only for a short time; after that, the main site was replaced with a placeholder message stating, "Internet Archive services are temporarily offline," directing visitors to their X (formerly Twitter) account for updates.

Web Archive Offline

An account on the X platform, with the handle @Sn_darkmeta, has claimed responsibility for the DDoS attack. Disturbingly, this account has also hinted at plans for another attack, potentially escalating the situation.

However, Brewster Kahle just tweeted that the website is still under DDoS attack. 

Internet Archive Hack Confirmed

Troy Hunt, the owner of HIBP, has confirmed the data breach of the Internet Archive. 

He said that the threat actor had shared the Internet Archive's authentication database nine days ago, a 6.4GB SQL file named ia_users.sql. Hunt confirms that there are 31 million unique email addresses in the database.

The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.


Update 1 - 

It seems it was caused by a possible supply-chain “attack” through the polyfill.archive.org subdomain (archive.is):

https://polyfill.archive.org/v3/polyfill.min.js?features=fetch%2CIntersectionObserver%2CResizeObserver%2CglobalThis%2CElement.prototype.getAttributeNames%2CString.prototype.startsWith%2CArray.prototype.flat%2CURL%2CURLSearchParams

The above polyfill URL (subdomain) returns the following malicious code - [Check]

alert('Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!')
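A defender's view of the script swap described above, as an added example that is not from the original article or from the Internet Archive: a Subresource Integrity (SRI) style check that pins a hash of the reviewed script and flags any later response whose body differs. The function names and both sample bodies are constructed for illustration, and the check assumes the script body is static (a polyfill endpoint that varies its output per browser has no single hash to pin).

```javascript
// Added example (not from the article): SRI-style check of a script body.
const crypto = require('node:crypto');

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 }; // SRI algorithms, weakest to strongest

// Constructed sample bodies: a reviewed bundle and a tampered response.
const REVIEWED_BODY = '(function(self){/* constructed stand-in for a reviewed polyfill bundle */})(this);';
const TAMPERED_BODY = "alert('constructed stand-in for the injected pop-up');";

// Build an SRI token ("sha384-<base64 digest>") for a script body.
function sriToken(body, algo = 'sha384') {
  const digest = crypto.createHash(algo).update(body, 'utf8').digest('base64');
  return `${algo}-${digest}`;
}

// Parse an integrity attribute value; tokens with unknown algorithms are dropped.
function parseIntegrity(value) {
  return value.trim().split(/\s+/).map((tok) => {
    const i = tok.indexOf('-');
    return { algo: tok.slice(0, i), digest: tok.slice(i + 1).split('?')[0] };
  }).filter((t) => Object.hasOwn(STRENGTH, t.algo));
}

// Only the strongest listed algorithm counts; the body must match one of its digests.
// With no usable hash this check fails closed, which is stricter than a browser.
function verifyScript(body, integrity) {
  const tokens = parseIntegrity(integrity);
  if (tokens.length === 0) return { ok: false, reason: 'no usable hash' };
  const best = Math.max(...tokens.map((t) => STRENGTH[t.algo]));
  const strongest = tokens.filter((t) => STRENGTH[t.algo] === best);
  const ok = strongest.some((t) => sriToken(body, t.algo) === `${t.algo}-${t.digest}`);
  return { ok, reason: ok ? 'match' : `digest mismatch (${strongest[0].algo})` };
}

// Pin the hash at review time, then check what the server returns later.
const PINNED = sriToken(REVIEWED_BODY);
console.log('pinned   :', PINNED);
console.log('reviewed :', verifyScript(REVIEWED_BODY, PINNED));
console.log('tampered :', verifyScript(TAMPERED_BODY, PINNED));
```

When the pinned value is placed in a script tag's integrity attribute for a script served from a different origin, such as a separate subdomain, the tag also needs crossorigin="anonymous" for the browser to enforce it.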

Update 2 - Updated the post with the confirmation from Troy Hunt (HIBP).
