Internet Archive web historians target of hacktivist cyber attack

The Internet Archive, the non-profit digital library and operator of the popular Wayback Machine that holds a repository of billions of captures of web pages as they appeared in the past, has come under sustained cyber attack in the form of a significant distributed denial of service (DDoS) attack on its infrastructure, and a major breach that may have seen the data of 31 million users stolen.

Visitors to the organisation’s website were greeted by a JavaScript pop-up created by the attackers on the afternoon and evening of Wednesday 9 October. In their message, the hackers behind the attack said: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP! [HaveIBeenPwned]”

According to Bleeping Computer, HaveIBeenPwned owner Troy Hunt has confirmed the attackers have passed a 6.4GB database to him, which is in the process of being added to the HaveIBeenPwned service.

As of 2am BST on Thursday 10 October, Internet Archive founder Brewster Kahle said the DDoS attack had been “fended off for now” and revealed the organisation had its website defaced. He also confirmed there had been a breach of usernames, email addresses, and salted and hashed passwords.

However, at the time of writing, the US-based organisation’s website remains inaccessible on a public internet connection, and at approximately 12pm BST, Kahle said: “Sorry, but DDoS folks are back and knocked archive.org and openlibrary.org offline.

“@Internetarchive is being cautious and prioritising keeping data safe at the expense of service availability,” he said via his X account. “Will share more as we know it.”

Meanwhile, the group responsible for the attack has identified itself as SN_BlackMeta, a hacktivist operation that supports pro-Palestinian causes.

In statements posted to X, the collective said: “The Internet Archive has and is [sic] suffering from a devastating attack. We have been launching several highly successful attacks for five long hours and to this moment, all their systems are completely down.”

Responding to questions online, they added: “They are under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of Israel.”

This is disinformation. Although the Internet Archive is US-based, it is a non-profit organisation and has no connection to the US government, regardless of Washington’s stance on the wars in Gaza and Lebanon.

“Hacking the past is usually technically impossible but this data breach is the closest we may ever come to it,” said Jake Moore, ESET global cyber security advisor. “The stolen dataset includes personal information but at least the stolen passwords are encrypted. However, it’s a good reminder to make sure all your passwords are unique as even encrypted passwords can be cross references against previous uses of it.

“HaveIBeenPwned is a fantastic free service that can be used after a breach. It securely contains millions of breached usernames and passwords for people to safely check their credentials against the database to check if they have ever been caught up in a breach. If you find your data in any known breaches, it would be a good idea to change those passwords and implement multi-factor authentication.”