Data breach and DDOS attacks bring down Wayback Machine

Sunday, October 13, 2024

 
Correction — October 14, 2024
 
The article referred to the SQL file as 'gigantic', which is subjective and is not supported by evidence, and the word has been removed. The file size was indicated correctly.
 
Wayback Machine logo

On Wednesday, the Internet Archive suffered a data breach of 31 million user passwords and screen names, as well as a wave of distributed denial-of-service (DDOS) attacks, rendering the Wayback Machine inaccessible. It was unknown whether the two events were related, though current evidence suggested that the two were perpetrated by the same attacker or group of attackers.

Shortly preceding the shutdown, users visiting the Internet Archive were greeted by a JavaScript pop-up message that read: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!" Here, "HIBP" is an abbreviation for "Have I Been Pwned," a site that allows users to look up their emails to check if their credentials have been stolen or compromised.

As of Saturday, the Internet Archive and its associated Wayback Machine remained inaccessible to the public as Internet Archive staff continued their efforts to upgrade the security of the servers to prevent future security incidents. The Archive has been focused on providing its users with "universal access to all knowledge" since its inception in 1996.

The Wayback Machine is the Internet Archive's most popular tool, allowing users to "look back" in time to see websites and webpages as they appeared at different points in time. Access to this digital library was expected to return within the next several days, though no specific timeframe was available.

A hacker group, who goes by the username SN_Blackmeta on X (formerly known as Twitter), appeared to operate from Russia and has claimed responsibility for the attack. Like with most DDOS attacks, this attack was believed to be politically motivated: the attackers have accused the United States government of supporting Israel, and the hackers have cited this as their motivation for the cyberattack.

The breach presumably occurred on September 28, as that is the latest date on an SQL file, measuring 6.4 gigabytes in size, containing the stolen user data. HIBP founder Troy Hunt received the file on September 30 but was unable to review it until October 5. Hunt notified the Internet Archive staff on October 6. The Internet Archive has responded accordingly and has fended off the recent DDOS attacks.


Sources