Internet Archive Hit by DDoS Attacks, Breach of 31M Records

Update - The Internet Archive this week confirmed that it was hit with a data breach that impacts 31 million user records. The organization was also hit by a website defacement and a series of distributed denial-of-service (DDoS) attacks this week, and its websites are still offline as recently as Friday morning.

The Internet Archive is a non-profit organization that essentially serves as a digital library, hosting websites, apps, music and print materials, and housing hundreds of billions of web pages in its Wayback Machine digital archive.

Key Details:

• Troy Hunt, founder of Have I Been Pwned (HIBP), which allows people to check if their data has been compromised by breaches, on Wednesday confirmed that the data breach occurred in September

• Brewster Kahle, who founded the Internet Archive decades ago, said in a Wednesday tweet that the website was defaced via the JavaScript library and the breach had involved 31 million user records including email addresses, screen names, and bcrypt password hashes 

• Just as Hunt was uploading the compromised data into HIBP on Wednesday (so users can check if they’re impacted), people reported that the Internet Archive’s website appeared to be defaced. While loading archived pages, a JavaScript alert was popping up, which said: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”

• At the same time, the Internet Archive was hit by a series of DDoS attacks starting Tuesday and remains offline as of Thursday morning

What We Don’t Know: Two big questions remain: Who is behind this malicious activity? And why did they do it? The breach has drawn ire and disbelief on Twitter in particular because the Internet Archive is an important resource that provides services that many people heavily rely on - and a non-profit organization on top of that. While some threat actors have claimed to be behind the DDoS attacks, no claims have been confirmed at this time, and we also don’t know if the DDoS attacks, website defacements and the breach are linked. What we do know is that the Internet Archive is facing turbulent times: The organization has previously been hit by DDoS attacks this year - including ones in May - and is also grappling with several lawsuits for copyright infringement.

Latest Updates: On Thursday, Kahle said that the Internet Archive is taking several steps to upgrade its security. However, as of Thursday morning continual DDoS attacks have continued to knock Internet Archive websites offline. “[Internet Archive] is being cautious and prioritizing keeping data safe at the expense of service availability,” said Kahle.

As of Friday morning, Kahle said “the data is safe.” Services are still offline and will likely be up again in a matter of days, said Kahle.