31 million users exposed in ‘catastrophic’ cyber attack on Internet Archive, pro-Palestinian hacker group claims responsibility

The DDoS attacks, which have repeatedly forced the Internet Archive offline, and the data breach were both attributed to the username "SN_BlackMeta." SN_BlackMeta is connected to pro-Palestinian hacktivist movements and has been connected to attacks on Middle Eastern financial institutions in the past.

The Internet Archive, a popular digital library known for its Wayback Machine, suffered a data breach that exposed 31 million user accounts. The cyber attack on 10th October took down the website, as founder Brewster Kahle confirmed in a statement on social media. He acknowledged a series of distributed denial-of-service (DDoS) attacks, which commenced on 8th October aimed at disrupting a website or server.

Furthermore, Brewster Kahle stated that emails, encrypted passwords, and usernames had been compromised. Experts in cybersecurity have since advised users to change their passwords right away. Meanwhile, a pro-Palestinian hacktivist claimed responsibility for the attack.

A JavaScript (JS) library on the Internet Archive website was exposed in the assault that leaked millions of users’ personal information. The people sensed something was off when an odd message appeared on the Internet Archive website earlier this week. “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP,” it read and made reference to the Have I Been Pwned? (HIBP) service, which assists people in figuring out whether a breach has compromised their data.

Email addresses, screen names, passwords, and other internal data for 31 million distinct email addresses were included in the database, which was shared with cybersecurity specialists. The creator of HIBP, Troy Hunt, acknowledged that he received a 6.4 GB database file from the hackers. Additionally, he pointed out that more than half of the email addresses had already been exposed in earlier data breaches. He added that 54 per cent of the compromised email addresses from previous breaches were already present in the HIBP database.

Troy Hunt mentioned that although he learned about the development 30th on September, he wasn’t able to look into it until 5th October. Afterwards, he updated the HIBP website and informed the Internet Archive. The archive.org website and its Wayback Machine have sometimes been inaccessible despite the early attempts to repel the onslaught. The company has been improving security and cleaning up its systems in light of the assault.

Jason Meller, VP of Product at 1Password pointed out, “Based on publicly available evidence, the site has been thoroughly compromised. Their database has been exfiltrated, indicating that the back-end infrastructure was accessible, and their pages have been defaced, suggesting that the attackers have some degree of control over the web content served to users. The website has also been repeatedly knocked offline, indicating that the attackers have gained dominance at the network layer. This is undoubtedly a difficult and challenging time for the Archive, a resource many of us rely on.

“Given the severity of this breach and until they have had time to fully investigate, my strong recommendation is to avoid browsing or using any files obtained from the site until they have declared an ‘all clear’,” he further conveyed. 1Password is a password manager for saving various passwords, software licenses, and other sensitive information in a virtual vault that is locked with a PBKDF2-guarded master password.

Who hacked the website?

The DDoS attacks, which have repeatedly forced the Internet Archive offline, and the data breach were both attributed to the username “SN_BlackMeta.” The group claimed to be launching “extremely successful attacks” and that their campaign lasted for five hours. SN_BlackMeta is connected to pro-Palestinian hacktivist movements and has been connected to attacks on Middle Eastern financial institutions in the past.

“The Internet Archive has and is suffering from a devastating attack. We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down,” the group boasted on X (previously Twitter). However, the community notes countered their allegation and highlighted, “This group conducted Denial of Service (DDOS) attack on Internet Archive, which is a 501c Non-Profit, Public Charity and Non-Governmental Organization found by Kahle Brewster in 1996, and has nothing to do with US Govt, CIA, Israel, MOSSAD and counter-terrorism.”

However, the group argued that the website is under attack because the United States owns the archive, and added, “As we are well aware, this abhorrent and deceitful government backs the genocide being carried out by the terrorist state known as Israel.”

The Internet Archive is a San Francisco-based nonprofit organization that was founded in 1996 with the goal of protecting the Internet and encouraging open access. It runs the Wayback Machine, a tool that over time gathers snapshots of millions of webpages. Researchers and fact-checkers depend on this tool because it gives them access to removed content and lets them monitor updates to internet data. Maintaining the historical record of digital information is made possible largely by the Internet Archive.