The Internet Archive, a nonprofit that hosts a digital library, was recently hit with a double dose of cyberattacks from hackers, with one exposing the data of tens of millions of the site's users. The organization's services have also been temporarily suspended due to the attacks. The incidents are just the latest in a year of bad luck for the Internet Archive.
A 'catastrophic security breach'
"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach?" the attacker said in the pop-up message. "It just happened. See 31 million of you on HIBP!" The last line referred to the data breach notification website Have I Been Pwned, created by Troy Hunt, with whom "threat actors commonly share stolen data to be added to the service," said Bleeping Computer. Hunt confirmed that the breach is legitimate in an X post. He told Bleeping Computer that he received the stolen data in September. The trove of stolen data included 31 million email unique email addresses, usernames, and other internal data.
The Internet Archive's founder, Brewster Kahle, also confirmed the breach and said the website had been defaced with the pop-up through a JavaScript library. The site was also hit with a series of distributed denial-of-service (DDoS) attacks that have taken archive.org and openlibrary.org offline. As of Tuesday, both sites remained offline. Internet Archive is being "cautious and prioritizing keeping data safe at the expense of service availability," Kahle said in an update on X.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
A tough year for the Internet Archive
Even though the hacking and the DDoS attacks coincided, they appear to be unrelated. It isn't entirely clear who was behind the attacks, but the BlackMeta hacktivist group claimed responsibility on X for the DDoS attacks and said it plans to carry out more against the Internet Archive. The group claimed to target the archive because it "belongs to the USA," whose "horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of 'Israel.'" Its involvement has not been confirmed.
The cyber attacks were just the latest in several uphill battles the Internet Archive has faced in recent months. The non-profit recently lost an appeal in a lawsuit over ebook copyrights brought against it by a group of book publishers. Last year, music publishers Sony Music and Concord filed a similar suit against Internet Archive for $621 million in damages for copyright infringement.
If you have an Internet Archive account, your "username and email could well have been captured by the site's attackers," said PC Gamer. The good news is that the "version of your password they've gotten hold of is encrypted." Regardless, you should "absolutely change your Archive password as soon as you can — and change it anywhere else you use that password, too."
-
August 23 editorial cartoonsCartoons Saturday's political cartoons include deficit dimness, steamroller-in-chief, and more
-
5 museum-grade cartoons about Trump's Smithsonian purgeCartoons Artists take on institutional rebranding, exhibit interpretation, and more
-
Settling the West Bank: a death knell for a Palestine state?In the Spotlight The reality on the ground is that the annexation of the West Bank is all but a done deal
-
Big Brother is watching: Wi-Fi signals can track you in your homeUnder the radar It could open the door to mass surveillance
-
Is AI killing the internet?Talking Point AI-powered browsers and search engines are threatening the death of the open web
-
Airplane crash-detection systems could be vulnerable to hackersUnder the Radar 'The idea scares the shit out of me,' one pilot said
-
Did you get a call from a government official? It might be an AI scam.The Explainer Hackers may be using AI to impersonate senior government officers, said the FBI
-
Elon Musk's SpaceX has created a new city in TexasUnder The Radar Starbase is home to SpaceX's rocket launch site
-
Amazon launches 1st Kuiper internet satellitesSpeed Read The battle of billionaires continues in space
-
Fake AI job seekers are flooding US companiesIn the Spotlight It's getting harder for hiring managers to screen out bogus AI-generated applicants
-
OpenAI's new model is 'really good' at creative writingUnder the Radar CEO Sam Altman says he is impressed. But is this merely an attempt to sell more subscriptions?
