The Internet Archive Suffers Alleged Security Breach



Starting at 5pm on October 9th, Internet Archive users began reporting a popup message when trying to load the website, as well as an ongoing DDoS attack. The message foreshadows the data of 31 million users being leaked and tells people to check haveibeenpwned.


This comes after IA founder Brewster Kahle mentioned a DDoS attack on the 7th and 8th.


As of writing this, archive.org's services do not appear to work, though the message still appears. There has been no official response yet. When any news comes out, this news thread will be updated.




Update: The Internet Archive has been taken offline as of 5:30pm

Twitter account Sn_darkmeta is claiming responsibility for the outage (as well as past outages), citing that they started the attack because of the American government's association with Israel.
They are under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of “Israel”.


IA has been actively working on preserving Palestinian history, as IA's Jason Scott outlined in his twitter thread. This attack is completely contradictory to the attacker's values and makes no sense (assuming Sn_darkmeta is actually involved).





At 5:50pm Brewster Kahle made a twitter post acknowledging the DDoS attack, however there was no comment on the security breach.





This has now been confirmed to be a breach. Thank you @SylverReZ for dropping the article link.
https://www.bleepingcomputer.com/ne...-hacked-data-breach-impacts-31-million-users/
 
Last edited by rvtr,

The Catboy


Lostbhoy

Nah, Writing passwords down physically is much worse than a password manager. A reputable password manager has eyes on their vaults (servers) 24/7 and redundancy in case of disaster. Your passwords disappear with a house fire if you write them down.

Another house fire victim? You people have really bad luck.

Again as stated, if it works for you great. Imo, too many variables that can go wrong compared to the scaremongering of a house fire suggestion.

In any case, you're all wrong anyway. Get better at passwords and remembering them :ha::tpi:
 

SecureBoot

Another house fire victim? You people have really bad luck.

Again as stated, if it works for you great. Imo, too many variables that can go wrong compared to the scaremongering of a house fire suggestion.

In any case, you're all wrong anyway. Get better at passwords and remembering them :ha::tpi:
I literally have a degree and job in cybersecurity. This is a debate we've been trying to put to bed for years. That's no opinion to be had. You are just wrong. Earthquakes, fires, hurricanes, floods, thievery, or just negligence is enough to lock you out of your entire life. There's no scaremongering. It is that serious.

There is some debate about whether a self hosted password manager is better than a commercial one. I prefer commercial because a self hosted manager is exposed to the same natural disasters as a journal. I'm also way more likely to misconfigure something than people who are paid to handle it
 

MON5TERMATT

I literally have a degree and job in cybersecurity. This is a debate we've been trying to put to bed for years. That's no opinion to be had. You are just wrong. Earthquakes, fires, hurricanes, floods, thievery, or just negligence is enough to lock you out of your entire life. There's no scaremongering. It is that serious.

There is some debate about whether a self hosted password manager is better than a commercial one. I prefer commercial because a self hosted manager is exposed to the same natural disasters as a journal. I'm also way more likely to misconfigure something than people who are paid to handle it
Meanwhile I have vaultwarden running on two computers in different states....

💗Self Hosting.
 

Lostbhoy

I literally have a degree and job in cybersecurity. This is a debate we've been trying to put to bed for years. That's no opinion to be had. You are just wrong. Earthquakes, fires, hurricanes, floods, thievery, or just negligence is enough to lock you out of your entire life. There's no scaremongering. It is that serious.

There is some debate about whether a self hosted password manager is better than a commercial one. I prefer commercial because a self hosted manager is exposed to the same natural disasters as a journal. I'm also way more likely to misconfigure something than people who are paid to handle it
I know of no one who has suffered any of said disasters, obviously not impossible and could happen, still a helluva lot less risk than digital disasters, hence this whole thread!

No point on trying to convince me, I've plenty of experience in the same area and even with both solutions, care must still be taken and that is ALWAYS on us. Keeping shit updated is also a basic rule of thumb but people don't bother! It makes no sense when people say they can't remember their password but they can remember multiple 26 button combos for video games!!

Again, it's whatever solution works for the individual. As long as you're comfortable in the knowledge that it works and your info is safe then who's to say who's right or wrong about it really? As you know, there is no major fail safe to the problem yet so as with everything else in life, do your diligence and be prepared is the best advice to give.
 

Chris2055

Earthquakes, fires, hurricanes, floods, thievery, or just negligence is enough to lock you out of your entire life. There's no scaremongering. It is that serious.

To be honest, if it were just the threat of natural disasters I might be willing to take my chances, but it's not.
  • It's just not practical to write down hundreds of passwords containing a secure amount of characters from a complex character set (at least lower+upper a-z, 0-9 and special characters).
  • Even if you chose to do that, good luck with keeping the passwords up-to-date. You'll end up changing them online and forgetting to update the paper.
  • Entering such passwords without copy+paste would be a huge burden.
Switching from paper-based passwords to a password manager is one of the best things I've done. It used to be a huge pain to find my info and I would put off using complex passwords and updating them just because it made the paper route harder to manage.
 

AlexMCS

I literally have a degree and job in cybersecurity. This is a debate we've been trying to put to bed for years. That's no opinion to be had. You are just wrong. Earthquakes, fires, hurricanes, floods, thievery, or just negligence is enough to lock you out of your entire life. There's no scaremongering. It is that serious.

There is some debate about whether a self hosted password manager is better than a commercial one. I prefer commercial because a self hosted manager is exposed to the same natural disasters as a journal. I'm also way more likely to misconfigure something than people who are paid to handle it

It's very simple to write a symmetrical XOR crypt algorithm, with a variable function for seed and inputs than the randomly generated secure garbage pwgens make.
All I need to do is select a secure PRNG implementation, like ISAAC64, and few simple math functions to jumble the input.
Therefore I can use trivially simple passphrases as an input and get unhackable outputs, which I would then use with a commercial pw manager.

You can use the same strategy to cloud-host your stuff.

Zero trust on non-self-hosted anything with widely used ciphers.
 

Chris2055

Just make sure any offline password manager you use has passed independent security audits. Any decent software will have really good, secure password generators as a basic feature and it will almost certainly be better than any roll-your-own solution you can design as an amateur or a layman.
 
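Added example, not part of any post in this thread: a Python sketch of the kind of generator a password manager provides, using the character classes listed earlier (lower, upper, digits, specials), next to a deterministic derivation from a simple passphrase. `derive_password` uses SHA-256 as a hypothetical stand-in and is not the XOR/ISAAC64 scheme described above; `WORDS` and `SAMPLE_POOL` are constructed sample data.

```python
import hashlib
import math
import secrets
import string

# Character classes named in the thread: lower, upper, digits, specials.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters

# Constructed sample: 8 simple words x 128 numeric suffixes = 1024 passphrases.
WORDS = ["archive", "wayback", "library", "history",
         "forum", "thread", "vault", "paper"]
SAMPLE_POOL = [f"{w}{n}" for w in WORDS for n in range(128)]


def generate_password(length=20):
    """Draw every character from the OS CSPRNG; retry until all classes appear."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw


def random_entropy_bits(length=20):
    """Upper bound: each position is one of len(ALPHABET) equally likely symbols."""
    return length * math.log2(len(ALPHABET))


def derive_password(passphrase, length=20):
    """Hypothetical deterministic derivation (SHA-256 stand-in): the same
    passphrase always yields the same random-looking password."""
    if not 1 <= length <= 32:
        raise ValueError("length must be 1..32 (SHA-256 digest size)")
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])


def derived_entropy_bits(candidates):
    """A deterministic function adds no entropy: the set of possible outputs
    is never larger than the set of possible inputs."""
    return math.log2(len({derive_password(p) for p in candidates}))


if __name__ == "__main__":
    print(generate_password(), f"~{random_entropy_bits():.0f} bits")
    print(derive_password("archive7"), f"{derived_entropy_bits(SAMPLE_POOL):.0f} bits")
```

The derived password looks as random as the generated one, but its strength is bounded by the number of passphrases that could plausibly have been chosen, not by its length or character set.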

The Catboy

his fault for being a dumbass with the stuff he had, (seems to be a running theme with hackers sadly)
Dumb ass hackers is why I too am supporting Frieza for president. Make Earth Blown Up Again!
 

UltraHurricane

Good measures is having different passwords for each login and using your brain to store them. Period, that's it man.


Yes, the cyber terrorists are pro terrorists ;), agreeing with me for once, congrats.
Considering neither side has announced support for the hacking, I SERIOUSLY doubt the hackers actually have a political agenda to the attack and only said their reasoning to troll people and further spread misinformation (why else would you attack a site like IA if not for a misanthropic prank on a grand scale? A lot of the greatest cyber-attacks were done for shits and giggles)
 

DeadSkullzJr

Considering source reliability is basically a gamble anymore, I'm just going to make my point generalized and clear.

Understanding and having empathy for people and places of the world when bad things happen is absolutely fine, but it's another when you take it to the extreme and do stupid things like this over disagreements you have. That's just excessive, overboard, etc.. Imagine if for example, I hacked GBAtemp just because some people on this platform have opinions, beliefs, and or logic that I don't support, regardless of the severity of the subject matter. That would be pretty damn stupid of me to do, there's no gain whatsoever (unless you count finding out that a security flaw exists, which I guess hey, you got yourself something lol), if anything I would just be disrupting everyone, even the innocent people who aren't even involved in the situation. Nobody should be condoning hacking for things like this at all. We will agree and disagree with real world situations, but it shouldn't come down to disruptions of this caliber, because you know what, if we condone this now in any form, eventually this absolutely will hit an important infrastructure, if not multiple, and then shit will really hit the fan. I can't say the archive is as essential as eating food and drinking water, but it definitely has an educational importance for its historical purposes to learn from, remember, and grow from.
 

AlexMCS

Just make sure any offline password manager you use has passed independent security audits. Any decent software will have really good, secure password generators as a basic feature and it will almost certainly be better than any roll-your-own solution you can design as an amateur or a layman.

Anything I can make will be stronger than any general use implementation.
I can even chain feed to other ciphers or simple coding, like base64, to make it even more secure, but that'd be overkill IMO.

I agree you just have to know what you're doing.

I'm no amateur or layman on the subject either: CS major, expert in CyberSecurity and Network Security, working in the area for over 10 years ;)
 

PrincessLillie

The site's probably going to shut down by or before 2025. But I hope it doesn't.
People also said the publisher lawsuits would be the end of the Internet Archive, and yet it still stands.
Keep in mind that archive.org is a non-profit. Somehow I doubt a data breach and some service interruptions will prevent donations and securing of funding in the long term.
 
