Internet Archive Security Breach: Email IDs, Passwords Of More Than 31 Million Users Uploaded On 'Have I Been Pwned'

The Internet Archive, a well-known digital repository famous for its Wayback Machine, recently experienced a data breach that exposed around 31 million user accounts. In a statement shared on social media platform X, founder Brewster Kahle confirmed that the website was hit by a cyberattack on Tuesday, resulting in service disruption. Kahle also disclosed that user information, including usernames, email addresses, and encrypted passwords, had been compromised in the breach.

Kahle on Thursday wrote, “Services are currently stopped to upgrade internal systems. We are working to restore services as quickly and safely as possible. Sorry for this disruption.”

Update: @internetarchive’s data has not been corrupted. Services are currently stopped to upgrade internal systems.

We are working to restore services as quickly and safely as possible.

Sorry for this disruption.

— Brewster Kahle (@brewster_kahle) October 10, 2024

ALSO READ | How To Receive An Alert Online For Coldplay Infinity Ticket For Mumbai Shows Before The Sale Goes Live

For those who may not know, the Internet Archive is a non-profit organization founded in 1996, offering free access to a vast collection of videos, books, audio files, and images. One of its key features is the Wayback Machine, which preserves snapshots of websites, allowing users to view past versions of those sites.

The founder explained that hackers made a Distributed Denial of Service (DDOS) attack against the library. According to the Cybersecurity and Infrastructure Security Agency, this form of attack typically overloads the website with excessive traffic which leads it to crash or become inaccessible.

As per a Forbes report, users felt something was wrong when they saw a strange message on the Internet Archive’s website earlier this week. The message read, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”

HIBP's full form is “Have I Been Pwned,” and it is a website that lets users verify if their personal information including email addresses and passwords have been exposed in a data breach or not.

The Hack Happened A Week Back?

Despite hackers causing an outage at the Internet Archive this week, cybersecurity expert Troy Hunt, founder of Have I Been Pwned (HIBP), noted on X that the breach likely occurred over a week ago. Hunt mentioned he initially received details about the breach on September 30 but didn’t begin analyzing the data until October 5.

After completing his review, he alerted the Internet Archive and updated the HIBP platform, revealing that over 31 million accounts had been affected.

He suggested that “multiple parties” might be involved in the security breach and noted, “when we’re talking breach + defacement + DDoS, it’s clearly not just one attack.”