TechDogs-"The Top Lead Generation Strategies For Startups"

Cyber Security

DDoS Attack And Data Breach Affects 31 Million Internet Archive Users

By TechDogs Bureau

TD NewsDesk

Updated on Thu, Oct 10, 2024

Overall Rating
The Internet Archive was founded in 1996 as a non-profit digital library that offered internet users free access to texts, movies, music, websites, software applications and other digitized materials.

In the last two weeks, the platform witnessed a wide range of cyberattacks, which included a DDoS attack and a data breach that affected over 31 million users.

The hack also came with a pop-up alert presented to people visiting the Internet Archive’s website, which read, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”

HIBP refers to Have I Been Pwned, a website that acts as a data breach notification service that allows users to check if their data has fallen prey to hackers or has been part of a data breach.

TechDogs-"An Image Of The Pop-Up On The Internet Archive Website"
While news of the breach only began spreading on Wednesday afternoon (October 9), the breach occurred on or before September 30, 2024, as that was the day it was shared with Troy Hunt, the creator of Have I Been Pwned.

The data provided consisted of a 6.4GB SQL file named “ia_users.sql.” This contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords and other internal data,” as per information shared by Hunt to BleepingComputer.

Out of this, 54% were already in HIBP’s database from previous breaches, as per a post on X shared by the company.

Ahead of this Hunt shared a more detailed recount of the event’s chronology. 


What Was Troy Hunt’s Chronology Of Events?


Through a post on X, Troy Hunt, the creator of Have I Been Pwned, shared the chronology of receiving the breach data and more.
 
  • 30 Sep: Someone sends me the breach, but I'm traveling and didn't realize the significance

  • 5 Oct: I get a chance to look at it - whoa!

  • 6 Oct: I get in contact with someone at IA and send the data, advising it's our goal to load within 72 hours

  • 7 Oct: They confirm and I ask for a disclosure notice

  • 8 Oct: I follow up on the disclosure notice and advise we'll load tomorrow 9 Oct: They get defaced and DDoS'd, right as the data is loading into HIBP


Hunt further mentioned that the timing of the DDoS attack and defacement seemed to be “entirely coincidental”. He also shared his belief that the breach, DDoS attack and defacement of the site was probably carried out by multiple parties over a series of attacks.

However, it was made clear that the primary perpetrators behind the attack was the hacktivist group, BlackMeta.

The group even posted on X sharing details about their initial attack that lasted five hours and took the Internet Archive’s systems completely down. The group even revealed they were ready for a second round with a timeframe of 6 hours.

Internet Archive’s website remains down at the time of writing.

TechDogs-"A Screenshot Of The BlackMeta Post On X"
BlackMeta was clear in its motives, which were politically driven. The group spoke up about it in a follow-up post on X.
 
  • Excerpts from the post read, “Everyone calls this organization “non-profit”, but if its roots are truly in the United States, as we believe, then every "free" service they offer bleeds millions of lives. Foreign nations are not carrying their values beyond their borders.”

  • “Many petty children are crying in the comments and most of those comments are from a group of Zionist bots and fake accounts.”

  • “We are not interested in your dog barking behind a mobile screen.”

  • “If the Internet Archive was shut down for all countries and users, it’s only a taste to experience deprivation.”


Do you think websites with sensitive and private user data should be subject to stronger cybersecurity controls?

Let us know in the comments below!

First published on Thu, Oct 10, 2024

Liked what you read? That’s only the tip of the tech iceberg!

Explore our vast collection of tech articles including introductory guides, product reviews, trends and more, stay up to date with the latest news, relish thought-provoking interviews and the hottest AI blogs, and tickle your funny bone with hilarious tech memes!

Plus, get access to branded insights from industry-leading global brands through informative white papers, engaging case studies, in-depth reports, enlightening videos and exciting events and webinars.

Dive into TechDogs' treasure trove today and Know Your World of technology like never before!

Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. All information / content found on TechDogs' site may not necessarily be reviewed by individuals with the expertise to validate its completeness, accuracy and reliability.

Join The Discussion

- Promoted By TechDogs -

IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment

Join Our Newsletter

Get weekly news, engaging articles, and career tips-all free!

By subscribing to our newsletter, you're cool with our terms and conditions and agree to our Privacy Policy.

  • Dark
  • Light