The Internet Archive, a nonprofit that hosts a digital library, was recently hit with a double dose of cyberattacks from hackers, with one exposing the data of tens of millions of the site's users. The organization's services have also been temporarily suspended due to the attacks. The incidents are just the latest in a year of bad luck for the Internet Archive.
A 'catastrophic security breach'
"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach?" the attacker said in the pop-up message. "It just happened. See 31 million of you on HIBP!" The last line referred to the data breach notification website Have I Been Pwned, created by Troy Hunt, with whom "threat actors commonly share stolen data to be added to the service," said Bleeping Computer. Hunt confirmed that the breach is legitimate in an X post. He told Bleeping Computer that he received the stolen data in September. The trove of stolen data included 31 million email unique email addresses, usernames, and other internal data.
The Internet Archive's founder, Brewster Kahle, also confirmed the breach and said the website had been defaced with the pop-up through a JavaScript library. The site was also hit with a series of distributed denial-of-service (DDoS) attacks that have taken archive.org and openlibrary.org offline. As of Tuesday, both sites remained offline. Internet Archive is being "cautious and prioritizing keeping data safe at the expense of service availability," Kahle said in an update on X.
The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
A tough year for the Internet Archive
Even though the hacking and the DDoS attacks coincided, they appear to be unrelated. It isn't entirely clear who was behind the attacks, but the BlackMeta hacktivist group claimed responsibility on X for the DDoS attacks and said it plans to carry out more against the Internet Archive. The group claimed to target the archive because it "belongs to the USA," whose "horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of 'Israel.'" Its involvement has not been confirmed.
The cyber attacks were just the latest in several uphill battles the Internet Archive has faced in recent months. The non-profit recently lost an appeal in a lawsuit over ebook copyrights brought against it by a group of book publishers. Last year, music publishers Sony Music and Concord filed a similar suit against Internet Archive for $621 million in damages for copyright infringement.
If you have an Internet Archive account, your "username and email could well have been captured by the site's attackers," said PC Gamer. The good news is that the "version of your password they've gotten hold of is encrypted." Regardless, you should "absolutely change your Archive password as soon as you can — and change it anywhere else you use that password, too."
-
‘The worry is far from fanciful’Instant Opinion Opinion, comment and editorials of the day
-
How are Americans bracing for the end of SNAP?TODAY'S BIG QUESTION Millions depend on supplemental federal food funds that are set to expire this month, as the government shutdown begins to be acutely felt
-
Book review: ‘Joyride: A Memoir’Feature A journalist’s story of how she chased and accomplished her dreams
-
Why Britain is struggling to stop the ransomware cyberattacksThe Explainer New business models have greatly lowered barriers to entry for criminal hackers
-
How the online world relies on AWS cloud serversThe Explainer Chaos caused by Monday’s online outage shows that ‘when AWS sneezes, half the internet catches the flu’
-
AI is making houses more expensiveUnder the radar Homebuying is also made trickier by AI-generated internet listings
-
Who are the new-wave hackers bringing the world to a halt?The Explainer Individual groups and nations are beginning to form concerning partnerships with new ways to commit cybercrime
-
Digital addiction: the compulsion to stay onlineIn depth What it is and how to stop it
-
Jaguar Land Rover’s cyber bailoutTalking Point Should the government do more to protect business from the ‘cyber shockwave’?
-
'Vampire energy' could be causing your electric bill to riseUnder the Radar Wasted energy could account for up to 10% of home use
-
Will online age checks doom internet freedom?Today's Big Question Or do they protect children from harm?
