Internet Archive Suffers Major Data Breach Affecting 31 Million Users
The Internet Archive has recently experienced a significant cybersecurity breach that has compromised the personal data of 31 million users. This incident, confirmed by the founder Brewster Kell, has raised alarms among cybersecurity experts who are advising users to change their passwords immediately. The breach exposed sensitive information including email addresses, usernames, and encrypted passwords.
The attack was reportedly executed through the exploitation of a JavaScript library, leading to a defacement of the site where a message appeared warning users about the breach. This message referenced the website
Have I Been Pwned?
which allows users to check if their data has been compromised in past breaches. Troy Hunt, the operator of this site, confirmed that he received a file containing the leaked data nine days prior to the public disclosure of the breach. He stated that 54% of the accounts were already in the database from previous incidents.
The timeline of events indicates that the Internet Archive was contacted about the breach on October 6, and the situation escalated with a simultaneous DDoS attack on the site. As of the early hours of October 14, the site was temporarily taken offline, leaving users without access to its services. Jason Scott, an archivist at the Internet Archive, noted that the site was under a denial-of-service attack, with no clear demands or statements from the attackers.
