'Wayback Machine' breach affects 31 million people

AppleInsiderAppleInsider
Posted:
in General Discussion

A security breach at the Internet Archive's "WayBack Machine" has resulted in the theft of the authentication database containing data on 31 million people.

Colorful lines of code in the background with the words Internet Archive and Wayback Machine in bold, stylized lettering in the foreground.
Internet Archive's WayBack Machine



The "WayBack Machine" has been an invaluable resource, capturing snapshots of the Internet for posterity. However, it has become the latest site to become the target of hackers, with millions affected by a recent attack.

The breach of archive.org became known about on Wednesday, prompted by an unusual JavaScript alert created by the hacker, reports Bleeping Computer. The alert taunted users of the site, while also confirmed it had taken place.

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach?" the text reads. "It just happened. See 31 million of you on HIBP!"

"HIBP" refers to Have I Been Pwned, a site that shares information about breaches and also notifies victims when they occur. Troy Hunt, the creator of Have I Been Pwned, confirmed to the publication that the hackers involved had shared the authentication database nine days previously.

The database, weighing in at 6.4 gigabytes, contains authentication details for registered members, including email addresses, online names, password change timestamps, Bcrypt-hashed passwords, and other types of internal data. There are approximately 31 million unique email addresses in the database.

Hunt disclosed the receipt of the database to the Internet Archive, advising that the data would be incorporated into Have I Been Pwned 72 hours later. However, the Internet Archive has neither contacted Hunt nor publicly disclosed the breach.

The breach of data affecting 31 million users is only one of the issues affecting the Internet Archive. It is currently dealing with a DDoS attack from the hacktivist group BlackMeta, with more attacks also promised from the group.



Read on AppleInsider

Comments

  • Reply 1 of 1
    coolfactorcoolfactor Posts: 2,327member

    Internet terrorists. 

    Sure, it's good to keep online services on their toes, but when they publish and/or sell the data that was retrieved, that makes innocent users the victims, not just the service.

    Can we trust that these hackers only gave the data to HIBP? Was this a public service executed in good faith, or is that just a guise? 
Sign In or Register to comment.