In a significant cybersecurity incident, the Internet Archive, famed for its Wayback Machine, faced a “catastrophic” data breach, compromising the personal information of 31 million users. The breach, which occurred on October 9, exposed email addresses, screen names, and encrypted passwords, leading experts to advise immediate password changes. This has intensified worries over data privacy and the security of this widely-used digital library.
The attack exploited a JavaScript library on the Internet Archive’s website, triggering a pop-up message alerting users to the breach. This message referenced the service Have I Been Pwned? (HIBP), which aids users in verifying if their data has been involved in a data breach. Troy Hunt, the founder of HIBP, confirmed receiving a 6.4 GB database file from the attackers, containing the compromised details. Alarmingly, more than half of the email addresses were found in previous data breaches.
Internet Archive founder Brewster Kahle acknowledged the breach and the accompanying Distributed Denial-of-Service (DDoS) attacks, which have intermittently disrupted access to the website and the Wayback Machine. In response, the organization has disabled the compromised JavaScript library, is scrubbing its systems, and is enhancing its security measures. Kahle stated via social media, “We are taking all necessary steps to secure our platform and will update as we progress.”
In light of this breach, new concerns have surfaced regarding digital security and privacy, sparking discussions across global cybersecurity forums. Reports suggest increased vigilance and protective measures are being advised for digital libraries and online platforms amid rising cyber threats.
