Internet Archive’s WayBack Machine
A security breach at the Internet Archive’s “WayBack Machine” has resulted in the theft of the authentication database containing data on 31 million people.
The “WayBack Machine” has been an invaluable resource, capturing snapshots of the Internet for posterity. However, it has become the latest site to become the target of hackers, with millions affected by a recent attack.
The breach of archive.org became known about on Wednesday, prompted by an unusual JavaScript alert created by the hacker, reports Bleeping Computer. The alert taunted users of the site, while also confirmed it had taken place.
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach?” the text reads. “It just happened. See 31 million of you on HIBP!”
“HIBP” refers to Have I Been Pwned, a site that shares information about breaches and also notifies victims when they occur. Troy Hunt, the creator of Have I Been Pwned, confirmed to the publication that the hackers involved had shared the authentication database nine days previously.
The database, weighing in at 6.4 gigabytes, contains authentication details for registered members, including email addresses, online names, password change timestamps, Bcrypt-hashed passwords, and other types of internal data. There are approximately 31 million unique email addresses in the database.
Hunt disclosed the receipt of the database to the Internet Archive, advising that the data would be incorporated into Have I Been Pwned 72 hours later. However, the Internet Archive has neither contacted Hunt nor publicly disclosed the breach.
The breach of data affecting 31 million users is only one of the issues affecting the Internet Archive. It is currently dealing with a DDoS attack from the hacktivist group BlackMeta, with more attacks also promised from the group.
