The Internet Archive has recently undergone an unpleasant event in its history. According to the latest news available, an anonymous hacker successfully hacked the Internet Archive, and this news was later confirmed by Troy Hunt who is a well-known security researcher through his website named HIBP (Have I Been Pwned). The event happened on October 9, 2024, Wednesday and spread the news right after a pop-up notification appeared on the website.
This unfortunate event has caused the data breach and compromisation of data of 31 million users across the world. Troy Hunt received the news before it happened and tried to contact and convince the Internet Archive about this potential data breach and hacking, but the effort was not successful, later things happened as he anticipated and the sensitive data of 31 million people are out there.
What is Internet Archive and how does it get hacked?
Table Of Contents
The Internet Archive(IA) is a non-profit organization established in 1966 that preserves digital media content online. IA provides users and researchers worldwide with access to analyze and refer to the digital content available on the website.
This platform works on the principle of providing universal access to all knowledge. Wayback machine is the main component of IA and this has suffered a data breach and went offline right after the hacker initiated the process that ultimately led to the breach of 31 million users.
Users of the Internet Archive have felt traffic on the website, but the officials of IA haven’t commented on this problem yet. The archivist Jason Scott commented, “Someone is DDOsing the Internet Archive and that’s why we have been down for hours”.
However, the authentic website HIBP confirms the hacking and claims that Troy Hunt has received 6.4GB of stolen data from 31 million IA users, from an anonymous hacker that contains email addresses, usernames, and even passwords.
Also Read: Most Common Cybersecurity Threats And How Hackers Exploit Them
What happened on Wednesday?
On Wednesday, users received a pop-up message on their display, with an attached comment that claimed that the Internet Archive had gone through a ‘catastrophic security breach’. So many users of IA had noticed this pop-up message appeared on their screen and sooner the main website archive.org and its Wayback Machine got disengaged.
The message that appeared on their screen was like this,
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP”
The notification was delivered just after 9 PM ET via the JavaScript library. The users felt normality in the website activity right after the notification disappeared from their screen, but the website was disengaged for several hours.
Here in this notification, the name of HIBP is mentioned, it is a website that provides information about the breached data and provisions for users to check whether their data is leaked from any kind of cyberattack. Troy Hunt has confirmed that the details of the 31 million user data will be updated soon in the HIBP.
Troy Hunt’s Findings
The data breach is confirmed however the IA hasn’t made any comments about this situation, Troy Hunt checked and analyzed the user data and proved the legitimacy of the breach.
According to the findings of Hunt, 54% of the accounts involved in this 31 million user count were already compromised and exposed to previous cyberattacks, he also disclosed that he had been trying to prepare the IA against the potential data breach since October 6th.
Read More: Google Hackers Reportedly Targeted Password System
Conclusion
Latest media reports suggest that the Internet Archive is on the verge of increasing its security and adopting new methods to ensure the safety of data management. The Internet community is anticipating a well-defined explanation from the Internet Archives authority about this incident.
The available response from the authoritative figure and founder of the Internet Archive Brewster Kahle is that the hackers found the vulnerability in the website’s javascript library and the attack was carried out through this compromised library, and later the library was disabled with immediate effect.
It is quite unfortunate that 28+ years of experience company in online media is not aware of the potential risks associated with it and even neglected the details when Troy Hunt tried to warn them, we can expect an updated security measurement in the future. Risks associated with it and even neglected the details when Troy Hunt tried to warn them, we can expect an updated security measurement in the future.
