Internet Archive Hacked: 31 Million User Records Stolen in Major Data Breach
Internet Archive Data Breach Exposes 31 Million Users
The Internet Archive has been hit by a massive data breach, exposing the personal details of 31 million registered users. The breach was made public when visitors to archive.org saw a JavaScript alert from the hacker, announcing that the site had been compromised.
User Authentication Database Stolen
The stolen data includes users’ email addresses, screen names, bcrypt-hashed passwords, and timestamps. Troy Hunt, creator of Have I Been Pwned (HIBP), confirmed that the threat actor shared a 6.4GB SQL file containing these details with his service. Users can now check if their data was exposed using HIBP.
JavaScript alert shown on Archive.org
Source: BleepingComputer
Confirmation of the Breach
Hunt verified the authenticity of the breach by contacting users listed in the stolen database, including cybersecurity researcher Scott Helme, who confirmed that his credentials were included. Helme’s bcrypt-hashed password and timestamp matched records in his password manager.
9887370, [email protected],$2a$10$Bho2e2ptPnFRJyJKIn5BiehIDiEwhjfMZFVRM9fRCarKXkemA3PxuScottHelme,2020-06-25,2020-06-25,[email protected],2020-06-25 13:22:52.7608520,\N0\N\N@scotthelme\N\N\N
Password manager entry for archive.org
Source: Scott Helme
Internet Archive Yet to Respond
Despite Hunt’s efforts to contact the Internet Archive about the breach, there has been no official response from the organization. The breach reportedly occurred on September 28th, 2024, and the threat actor hinted that the data would soon be loaded into HIBP.
DDoS Attack Follows Breach
In addition to the data breach, the BlackMeta hacktivist group has claimed responsibility for a DDoS attack on the Internet Archive. The group has also threatened to launch further attacks, but no additional details about the methods of compromise or other stolen data have been revealed.
Source: bleepingcomputer.com