The Internet Archive, which runs the Archive.org digital library that preserves and archives content from across the Internet, was hit by a major hack on 10 October.
Users visiting Archive.org were met with a browser alert, displaying the message:
“Ever feel like the Internet Archive is barely held together and always on the edge of a major security disaster? Well, it just happened. See 31 million of you on HIBP!”
HIBP, short for “Have I Been Pwned“, is a website that provides breach notifications to users, alerting them when their account credentials have been compromised.
Around the same time as the above message appeared, thousands of users reported receiving emails from HIBP informing them of the hack.
The message was swiftly removed, with Archive.org then displaying a ‘temporarily unavailable’ notice to users. Later, the site became completely inaccessible to most visitors.
Later on 10 October, HIBP reported that Archive.org had suffered a significant data breach. The apparent compromise occurred last month, they said, and exposed 31,081,179 records containing email addresses, usernames, and bcrypt-hashed passwords.
A group of hackers quickly claimed responsibility for the attack on X (formerly Twitter), saying the hack was in response to the United States’ support for Israel. The group’s claim to responsibility has yet to be confirmed by any involved party or major source, however.
The group additionally said they were behind a previous DDoS of Archive.org’s servers that caused temporary disruption, as well as an ongoing DDoS attack.
1 thought on “Internet Archive suffers major data breach, theft of 31 million user records”