'Catastrophic' security breach as 31,000,000 passwords are stolen in Internet Archive hack

The Internet Archive Wayback Machine is a fundamental area of the Internet as we know it.

With some of the biggest search engines being almost unusable, or now just regurgitating AI slop, being able to find old pages, especially for sites that no longer exist, is a lifesaver.

Not to mention a great step forward in the effort of preservation.

Yes, even those Angelfire and Geocities fan sites of the 90s, with their low-resolution gifs and guestbook counters deserve to be preserved.

Sadly, just like any area of the internet, the Internet Archive isn’t free of being at the mercy of nonsense hackers.

As of typing, the Internet Archives Way Back Machine has been the target of a DDoS attack, and around 31 million passwords have been compromised.

The DDoS (Distributed Denial of Service) attack was confirmed by Internet Archive founder Brewster Kahle on October 10th, 2024. Kahle took to X (formerly Twitter) to update fans, and internet users alike and state that the website had been ‘defaced’ via a JavaScript library.

The attack was first discovered by visitors of the Way Back Machine on Wednesday October 9th. Those who visited the site were greeted with a JavaScript pop-up which read, 'Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!'

The 'HIBP' acronym, in this case, likely refers to the site 'Have I been Pwned', a website which anyone can use to look up if their own personal date had been involved in a cyberattack.

As reported by Forbes, Founder of HIBP, Troy Hunt had reported to Bleeping Computer, that the hacker shared a databse with them containing 6.4GB worth of data.

This data consisted of info for registered members of the Internet Archive Way Back Machine, including email addresses, screen names, password change timestampes, Bcrypt-hashed password and 'other internal data'.

It was here, to Bleeping Computer, that Hunt confirmed that 31 million email addresses, were involved in the breach.

As of typing, the pop up no longer exists. In fact, the entire Internet Archive Way Back Machines is currently not even functional.

Kahle states that those behind the DDoS attack have knocked both archive.org and openlibrary.org, offline. To be 'cautious', Internet Archive is prioritising keeping any data safe, and is also currently not available.

If you're worried about your data, or want to keep up to date on the situation, Kahle stated he will 'share more' about the situation as it unfolds on his X account.

You can also check if your data has been affected by checking your email on the Have I Been Pwned website.