The Internet Archive has been hit by a cyberattack, compromising the personal data of over 31 million users.
The nonprofit organization, known for its Wayback Machine service, which archives web pages, is grappling with the aftermath of the sophisticated attack.
Breach Details
On October 9, visitors to the Internet Archive’s website were greeted with a pop-up message indicating a security breach.
A hacker group operating under the name SN_BlackMeta has claimed responsibility for the attack, stating on social media platform X (formerly Twitter) that they had launched “several highly successful attacks” against the Archive.
The breach exposed user records, including email addresses, screen names, and bcrypt-hashed passwords.
Troy Hunt, founder of the data breach notification service Have I Been Pwned, confirmed receiving a database containing information on 31 million unique email addresses associated with the Internet Archive.
Ongoing Disruption
The Internet Archive’s website and Wayback Machine service remain inaccessible as of this writing.
This outage is concerning given Google’s recent integration of Wayback Machine links into its search results, a feature announced just last month to enhance access to historical web content.
The timing of this attack could potentially disrupt Google’s new feature, which was designed to provide users with easy access to archived versions of web pages directly from search results.
Response From Internet Archive
Brewster Kahle, founder and digital librarian of the Internet Archive, acknowledged the breach in a post on X, stating:
“What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.”