Main Menu

Internet Archive - Hacked & Down

Started by CA, Oct 11, 2024, 08:20 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

CA

Opps... There goes the emulation rom pack downloads for now.

The worrying message..... Thanks JavaScript!!
Guests are not allowed to view images in posts, please Register or Login

(HIBP meaning the Have I Been PWNED leaked password database)

The Internet Archive, a non-profit digital library and home to the Wayback Machine, has been hit by a major cyberattack. The breach, which occurred in late September 2024, exposed the email addresses, usernames, and hashed passwords of approximately 31 million users. The attack was carried out by a hacktivist group called SN_BLACKMETA, which claimed responsibility for the incident.

Attack Timeline

October 8, 2024: Distributed Denial-of-Service (DDoS) attacks began, targeting the Internet Archive's website and servers.
October 9, 2024: A malicious JavaScript pop-up appeared on the Internet Archive's website, alerting visitors to a security breach and potentially affecting 31 million users.
October 10, 2024: The Internet Archive confirmed the data breach and DDoS attacks, with founder Brewster Kahle outlining the organization's response.
October 11, 2024: The hacktivist group SN_BLACKMETA claimed responsibility for the attack, stating that it was motivated by a desire to "inflict significant losses on many countries that serve the devil and the global Zionist regime."
Stolen Data

The stolen data includes:

Email addresses
Screen names
Password change timestamps
Bcrypt-hashed passwords (salted and encrypted)
The most recent timestamp on the stolen records is September 28, 2024, likely when the database was stolen.

Impact

The Internet Archive's website and Open Library remain offline as the organization prioritizes security and works to restore services. The breach has raised concerns about the potential misuse of user data and the integrity of the Internet Archive's digital collections.

Response

The Internet Archive has disabled the JavaScript library and is scrubbing systems to mitigate the attack. The organization is also upgrading security measures to prevent similar incidents in the future.

Recommendations

Users are advised to:

Change their passwords immediately
Monitor their accounts for suspicious activity
Enable two-factor authentication (2FA) if available
Be cautious of phishing emails or messages claiming to be from the Internet Archive
The Internet Archive has not disclosed any further information on the incident, and it is unclear when services will be fully restored.