The Internet Archive Suffers Alleged Security Breach

1728508861728.png


Starting at 5pm on October 9th, Internet Archive users began reporting a popup message when trying to load the website, as well as an ongoing DDoS attack. The message foreshadows the data of 31 million users being leaked, and telling people to check haveibeenpwned.

1728508963082.png

(image from twitter)

This comes after IA founder Brewser Kahle mentioned a DDoS attack on the 7th and 8th.


As of writing this archive.org's services do not appear to work, though the message still appears. There has been no official response yet. When any news comes out this news thread will be updated.




Update: The Internet Archive has been taken offline as of 5:30pm

Twitter account Sn_darkmeta is claiming responsibility for the outage (as well as past outages), citing that they started the attach because of the American government's association with Israel.
They are under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of “Israel”.


IA has been actively working on preserving Palestinian history, as IA's Jason Scott outlined in his twitter thread. This attack is completely contradictory to the attacker's values and makes no sense (assuming Sn_darkmeta is actually involved).





At 5:50pm Brewster Kahle made a twitter post acknowledging the DDoS attack, however there was no comment on the security breach.





This has now been confirmed to be a breach. Thank you @SylverReZ for dropping the article link.
https://www.bleepingcomputer.com/ne...-hacked-data-breach-impacts-31-million-users/
 
Last edited by rvtr,

Error-1-2435-8325

I am Error.
Member
Joined
Jul 14, 2021
Messages
154
Trophies
0
Location
Gensokyo
Website
crazynewgroundsdawg.newgrounds.com
XP
1,318
Country
Canada
Last edited by Error-1-2435-8325,

Pizzapalooza

Member
Newcomer
Joined
Sep 22, 2024
Messages
5
Trophies
0
XP
38
Country
United States
This really sucks. There's one thing about hacking a normal website, but hacking a digital library crosses the line in so many ways.

I seriously doubt this is being done in support of Palestine.
 

AkiraKurusu

Stratospheric Thunder!
Member
Joined
Dec 29, 2019
Messages
1,396
Trophies
2
Age
26
Location
Northwood, Sydney
XP
4,305
Country
Australia
I can't believe this was still down this morning, when I went to use the website archive.

Breaching what's essentially THE online archive is blatantly scummy, evil behaviour. Hopefully this truly unfortunate event encourages backups and alternatives to spring up, just in case. I'd love to see two or three different Archives, truly, as a bastion against permanently losing so much precious information and files and website history.
 
  • Like
Reactions: impeeza

8BitWonder

Small Homebrew Dev
Member
Joined
Jan 23, 2016
Messages
2,496
Trophies
1
Location
47 4F 54 20 45 45 4D
XP
5,585
Country
United States
Seeing reports from users that their ticketing system has been hacked overnight:
1729430162604.png

The wording has a very different tone than the original intrusion text, and the initial hacker group has since been posting about bothering other organizations. I'm curious if this is the same group but a different person, or an entirely different actor altogether.
 

SylverReZ

Well-Known Member
Member
Joined
Sep 13, 2022
Messages
8,550
Trophies
6
Location
The Wired
Website
m4x1mumrez87.neocities.org
XP
26,478
Country
United Kingdom
Seeing reports from users that their ticketing system has been hacked overnight:
View attachment 466096
The wording has a very different tone than the original intrusion text, and the initial hacker group has since been posting about bothering other organizations. I'm curious if this is the same group but a different person, or an entirely different actor altogether.
Blackmeta was able to get access to Internet Archive's infrastructure because of a MASSIVE OPSEC mistake they made, which was the secrets to their GitLab, the keys to the mansion if you will. Not only can it access the Zendesk helpdesk token to access 800K+ tickets associated with every e-mail address (registered or used to be registered with Archive), but also the entire database of all active users and the entire site. In addition to having extremely bad security, they have also violated data protection laws and the trust of their userbase.
 

BlusterBong

Well-Known Member
Member
Joined
Apr 22, 2019
Messages
159
Trophies
0
Age
30
XP
567
Country
United States
with how badly the breach was, especially with that second round with how blatently incompetent the security team was to not even change a very easily exploitable mechanism like the API tokens, I highly doubt there's going to be any trust put into the Internet Archive for a fair bit of time and they also have to deal with even more lawsuits becuase of how the security system they had in place allowing these breaches to happen violating data protection laws like the GDPR.
 
  • Like
Reactions: SylverReZ

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    Veho @ Veho: https://i.imgur.com/15tCj3M.mp4