On Wednesday, the Internet Archive (archive.org) was hit by a major cyberattack that exposed the data of 31 million users.

Visitors to the site were greeted with a pop-up message from the hacker, claiming the site had suffered a “catastrophic security breach.” Internet Archive founder Brewster Kahle later confirmed that a user authentication database had been compromised, and the site had been defaced via a JavaScript hack.

The hacker left a message saying, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” HIBP, short for “Have I Been Pwned?”, is a service where people can check if their data has been involved in a breach.

Troy Hunt, who runs HIBP, confirmed that nine days earlier, he received a file from the hacker containing data for 31 million users. This file included email addresses, screen names, Bcrypt-hashed passwords, and other internal information. Hunt verified the data by cross-referencing it with user accounts, including those of cybersecurity expert Scott Helme. The data appeared to be stolen in late September 2024.

Adding to the chaos, the Internet Archive was also hit with a DDoS (Distributed Denial of Service) attack that brought down its services for part of the day. Jason Scott, an archivist at the Internet Archive, shared on Mastodon that the attackers didn’t seem to have any specific demands—they were simply attacking the site because they could. Later, a hacker group known as BlackMeta took credit for the DDoS attack and hinted at more disruptions to come.

Brewster Kahle posted an update on X (formerly Twitter), confirming the breach and saying the Internet Archive had disabled the compromised JavaScript library and was upgrading its security systems. While the site initially continued running slowly, it eventually went offline, displaying a message that said, “Internet Archive services are temporarily offline.”

Troy Hunt plans to add the leaked data to the HIBP database so that affected users can check if their information was part of the breach. Meanwhile, the Internet Archive is working to clean up its systems and restore its services. The full scope of the attack is still unclear, and the investigation is ongoing.