Українська правда

Data of 31 million users of the Internet Archive stolen through website hacking

The Internet Archive, known for its Wayback Machine web archiving service, has suffered a hacker attack in which a database of 31 million users was stolen.

The hack became known on Wednesday, when visitors to archive.org were confronted with a message created by a hacker: "Have you ever felt like the Internet Archive is running on sticks and is constantly on the verge of a catastrophic security breach? It just did. Watch 31 million of you on HIBP!"

The link to HIBP points to the Have I Been Pwned service, a widely used data breach notification platform created by Troy Hunt. Typically, attackers share stolen data with HIBP to alert affected users.

Hunt confirmed to BleepingComputer that the attacker had shared the Internet Archive's authentication database about nine days earlier. The leaked data is a 6.4 GB SQL file called ia_users.sql that contains user data such as email addresses, names, password change timestamps, and passwords hashed using Bcrypt.

The most recent timestamp in the stolen records is dated September 28, 2024, which indicates that the database was most likely stolen at that time.

Hunt noted that the compromised data includes 31 million unique email addresses, many of which are already registered with the HIBP service. The breached information will soon be uploaded to HIBP, allowing users to check whether their data has been affected.

Hunt said that three days ago he asked the Internet Archive to begin the disclosure process, noting that the compromised data would be added to the HIBP platform within 72 hours. However, he has not yet received a response from the Internet Archive.

It remains unclear how the attackers managed to hack into the Internet Archive and whether other confidential data was accessed during the incident.

The problem is compounded by the fact that the Internet Archive has also suffered a distributed denial of service (DDoS) attack. The hacktivist group BlackMeta claimed responsibility for the attack and threatened further disruptions to the service.
