A major cyber attack has hit the Internet Archive, a nonprofit famous for digitizing and preserving web pages and other media. On Wednesday, users trying to access the site encountered a chilling message warning of a major security breach. Millions of people who use the Archive to access historical and digital content have raised concerns following this incident.

By Wednesday, the Internet Archive had confirmed both a data breach affecting 31 million users and a distributed denial of service (DDoS) attack. The breach was first reported on “Have I Been Pwned” (HIBP), a well-known platform for checking whether personal data has been compromised in cyber attacks. Not long after, the Internet Archive confirmed that it had repelled the DDoS attack and set about rebuilding the site’s security.


Why The Internet Archive suffered a DDoS attack and data breach

When visiting the Internet Archive, users encountered a pop-up message: “Have you ever fancied that the Internet Archive is a ragtag collection of sticks and running ever so close to falling over in a catastrophic security breach? It just happened. Want to see 31 million of you on HIBP?!” This message confirmed the data breach, which included user emails, screen names, and hashed passwords. HIBP’s operator, Troy Hunt, later confirmed the notification and provided details about the compromised data.

Worse, hackers who had previously breached these accounts could then use the platforms for re-entry: HIBP found that more than half of the exposed accounts were already compromised in some way. Even after the first breach, the site took time to get going again. It went offline sometime later, leaving users with little more than a placeholder message informing them that the Archive was temporarily out of order.

The data breach was found to be a separate incident from the DDoS attack, but the two happened within a very short time of each other, and both affected the Archive. The DDoS attack was claimed by an account on X, SN_Blackmeta, which said more such attacks were coming. It was the same technique the group used in May 2019 to target the Archive, indicating the group was trying to set a pattern of disruption against the nonprofit.


The response and ongoing concerns

Writing on Mastodon, Jason Scott, a key archivist at the Internet Archive, said the attackers provided no demands or reasons. The Archive was left scrambling to defend against an assault whose explanation and purpose were unclear at best, and that appeared to be more about demonstrating power than anything else.

Internet Archive’s founder, Brewster Kahle, posted on his account confirming the breach and sharing the measures his platform took to secure it. These included disabling the compromised JavaScript library used to deface the site and updating security more broadly. Kahle told users that the Archive team was working to clean up its systems and restore service safely. He also said that there could be more attacks.

According to the latest updates, the Internet Archive is still offline following the DDoS attack and the breach and is still working to recover fully. It has directed visitors to follow the Archive’s official X account for real-time updates on the situation.

