31 Million Record Data Breach at Internet Archive Followed by Hacktivist DDoS Attacks

Oct 21, 2024

Service at the Internet Archive remains spotty after about two weeks of off-and-on attacks, beginning with a major data breach in late September that exposed 31 million user credentials.

The data breach is still shrouded in some mystery, but an opportunistic hacking group has jumped into the fray over the past week to pepper the site with DDoS attacks. This group, previously seen targeting entities in Israel and the UAE, says that it is hammering the Internet Archive because it is “property of the USA,” in what appears to be an attempt at pro-Palestinian hacktivism.

Major data breach exposed email addresses, hashed passwords

The Internet Archive went back online in a read-only state on Monday, unable to create snapshots of webpages or accept uploads for the time being. Updates are available from founder Brewster Kahle on X, who has said that more downtime may be forthcoming as part of necessary maintenance.

The data breach suspect remains unknown, though it is unlikely to be a profit-seeking criminal group, as the stolen credentials were dumped to the public very shortly after being stolen. BlackMeta, which has had several other high-profile DDoS campaigns over the past two months, claimed responsibility on X for the more recent chain of attacks.

BlackMeta appears to have seized on a window of opportunity created not just by the prior data breach, but also by the Internet Archive’s ongoing legal troubles. It recently lost an appeal in a case involving its virtual lending of books that are under copyright, and assorted members of the music industry recently launched a similar suit that could cost it hundreds of millions of dollars if successful. At risk is an archive of over 866 billion web pages, the only one even remotely of its kind now that Google has ceased to cache pages, along with tens of millions of books, audio and video recordings.

Internet Archive struggling to return to full normal operations

The records stolen in the data breach have reportedly been added to the Have I Been Pwned database. The attackers stole an SQL file that contained about 31 million usernames attached to email addresses and hashed passwords. The passwords may be safe, at least for some time, as the Internet Archive reportedly made use of bcrypt, which, if it was implemented correctly, will at least eliminate the lowest-effort methods of cracking them.

The Internet Archive’s biggest present issue is the sustained series of DDoS attacks. BlackMeta is thought to use well-known DDoS-for-hire services rather than its own infrastructure, but apparently has deep pockets to pay for its “hacktivism,” based on this and prior attacks. The group recently set a record for the longest consecutive DDoS when it attacked Arab National Bank for six days.

The primary Internet Archive URL, “archive.org,” as well as the Wayback Machine and openlibrary.org remain impacted, and may have functionality issues for some time even if the attack campaign has petered out.
