DDoS Attack And Data Breach Affects 31 Million Internet Archive Users

The Internet Archive was founded in 1996 as a non-profit digital library that offered internet users free access to texts, movies, music, websites, software applications and other digitized materials.

In the last two weeks, the platform witnessed a wide range of cyberattacks, which included a DDoS attack and a data breach that affected over 31 million users.

The hack also came with a pop-up alert presented to people visiting the Internet Archive’s website, which read, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”

HIBP refers to Have I Been Pwned, a website that acts as a data breach notification service that allows users to check if their data has fallen prey to hackers or has been part of a data breach.


While news of the breach only began spreading on Wednesday afternoon (October 9), the breach occurred on or before September 30, 2024, as that was the day it was shared with Troy Hunt, the creator of Have I Been Pwned.

The data provided consisted of a 6.4GB SQL file named “ia_users.sql.” This contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords and other internal data,” as per information shared by Hunt to BleepingComputer.

Out of this, 54% were already in HIBP’s database from previous breaches, as per a post on X shared by the company.

Ahead of this Hunt shared a more detailed recount of the event’s chronology. 

What Was Troy Hunt’s Chronology Of Events?

Through a post on X, Troy Hunt, the creator of Have I Been Pwned, shared the chronology of receiving the breach data and more.
 

• 30 Sep: Someone sends me the breach, but I'm traveling and didn't realize the significance

• 5 Oct: I get a chance to look at it - whoa!

• 6 Oct: I get in contact with someone at IA and send the data, advising it's our goal to load within 72 hours

• 7 Oct: They confirm and I ask for a disclosure notice

• 8 Oct: I follow up on the disclosure notice and advise we'll load tomorrow 9 Oct: They get defaced and DDoS'd, right as the data is loading into HIBP

Hunt further mentioned that the timing of the DDoS attack and defacement seemed to be “entirely coincidental”. He also shared his belief that the breach, DDoS attack and defacement of the site was probably carried out by multiple parties over a series of attacks.

However, it was made clear that the primary perpetrators behind the attack was the hacktivist group, BlackMeta.

The group even posted on X sharing details about their initial attack that lasted five hours and took the Internet Archive’s systems completely down. The group even revealed they were ready for a second round with a timeframe of 6 hours.

Internet Archive’s website remains down at the time of writing.


BlackMeta was clear in its motives, which were politically driven. The group spoke up about it in a follow-up post on X.
 

• Excerpts from the post read, “Everyone calls this organization “non-profit”, but if its roots are truly in the United States, as we believe, then every "free" service they offer bleeds millions of lives. Foreign nations are not carrying their values beyond their borders.”

• “Many petty children are crying in the comments and most of those comments are from a group of Zionist bots and fake accounts.”

• “We are not interested in your dog barking behind a mobile screen.”

• “If the Internet Archive was shut down for all countries and users, it’s only a taste to experience deprivation.”

Do you think websites with sensitive and private user data should be subject to stronger cybersecurity controls?

Let us know in the comments below!