The Internet Archive suffers massive data breach affecting tens of millions of users

The Wayback Machine has suffered a colossal security incident after the Internet Archive fell victim to a huge data breach.

Data breach notification service Have I Been Pwned (HIBP) says that a 6.4GB SQL file containing registered users’ authentication information has been shared. In all, 31 million email addresses have been found to be part of the database, and tests have shown the the data is genuine.

See also:

• Still running Windows 11 22H2? No more security fixes from Microsoft for you!
• Microsoft confirms weird Word bug that deletes files if you name them incorrectly
• How to bypass Microsoft’s TPM 2.0 requirements when upgrading to Windows 11 24H2

While there is never a good time for a data breach to take place, the timing of the Internet Archive attack feels particularly unfortunate. Google has only just teamed up with the Wayback Machine to provide a replacement for its own cached link service.

Users visiting Archve.org have been greeted by a message posted by hackers rather than the site they were expecting to see. The JavaScript alert reads:

Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!

Bleeping Computer has spoken with Troy Hunt of Have I Been Pwned, and he has confirmed that his site was contacted by hackers and provided with the stolen data.

While it is not known for sure who is resopnsible for the attack, the BlackMeta hacktivist group has claimed responsibility:

There are suggestions that the attack is linked to the ongoing Israel–Hamas war, the hackers supposedly attacking a US-owned site in protest at Amercian support for Israel.

Image credit: Transversospinales / Dreamstime.com