The Internet Archive Faces an Attack, Exposing Information from 31 Million Accounts.
A DDoS attack is not the only problem.
Users visiting The Internet Archive on Wednesday afternoon encountered a pop-up message indicating that the site had been hacked. The message read: "Have you ever felt that The Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? That's just happened. See 31 million of you on HIBP!" HIBP refers to Have I Been Pwned?, a website that allows individuals to check if their information has been published in leaked data from cyberattacks.
Troy Hunt, the operator of HIBP, confirmed that he received a file nine days ago containing "email addresses, usernames, password change timestamps, passwords hashed with Bcrypt, and other internal data" for 31 million unique email addresses. He also validated the information by comparing it to user accounts. A tweet from HIBP indicated that 54 percent of the accounts were already listed in its database due to previous breaches.
Hunt provided more details about the timeline of events, from when he contacted The Internet Archive about the breach on October 6, to the disclosure of the information that occurred when the site was defaced and suffered a DDoS attack, just as they were starting to upload the data to HIBP to notify affected users. After closing the message, the site loaded normally, albeit slowly. However, it was unclear what exactly was happening with the site, as attacks on services like TweetDeck have exploited XSS (cross-site scripting) vulnerabilities with similar effects.
At 5:30 PM ET, the pop-up message had disappeared, along with the rest of the site, which displayed a warning message saying that "Internet Archive services are temporarily offline" and directed visitors to the site's X account for updates. Jason Scott, an archivist and software curator at The Internet Archive, commented on Mastodon that the site was experiencing a DDoS attack, stating that "according to their Twitter, they are doing it just because they can. No statement, no idea, no demands."
Meanwhile, Brewster Kahle of The Internet Archive wrote that "the DDoS attack on @internetarchive yesterday was repeated today. We are working to restore http://archive.org." Neither had mentioned the breach.
A user on X named SN_Blackmeta claimed to be responsible for the attack and hinted at another attack planned for the following day. This user had also reported a DDoS attack on the Archive in May, and Scott had previously mentioned attacks that seemed aimed at disrupting The Internet Archive. Efforts are being made to gather more information from the organization.