The Internet Archive and its Wayback Machine cache history have become a staple of in-the-know web users. And like every other service that gets any amount of attention, it’s now come under attack.
In addition to suffering a distributed denial of service (DDoS) attack, the site has lost a database with information on over 30 million users.
According to BleepingComputer, a pop-up message appeared on the Internet Archive’s main page with a taunting message: “See 31 million of you on HIBP!” That’s Have I Been Pwned, a separate site that archives data breaches and lets you search them to see if you’ve ever been “pwned” (affected) by one. This particular data breach includes Internet Archive user details like screen names, email addresses, encrypted passwords, and other incidental info.
A “hacktivist” group has claimed responsibility for the hack, with archived tweets indicating a political grudge against the American-hosted Internet Archive. As of Thursday morning, the Internet Archive’s site and its Wayback Machine tool are still either out of commission or loading extremely, extremely slowly.
The hack is a concern for affected users, to be sure. But since the Internet Archive doesn’t actually host any paid services or critical information — and because the lost passwords are hashed — the actual danger is far less immediate than in other large-scale data breaches.
Right now, the Internet Archive actually faces a more existential threat coming from legitimate sources: lawsuits from copyright holders that might threaten its ability to operate legally.