The Internet Archive, the nonprofit organization known for running the Wayback Machine, is still grappling with severe disruptions after hackers targeted its platform, exposing data of 31 million users. This cyberattack, which began with a distributed denial of service (DDoS) attack, has resulted in ongoing service outages, with hackers exploiting vulnerabilities and breaching sensitive user information.
The attack initially knocked the Archive offline on October 9, 2024, flooding its servers with junk web traffic in a DDoS attack. According to Brewster Kahle, the founder of the Internet Archive, after the Archive managed to fend off the initial wave, hackers proceeded to deface the website and steal usernames, email addresses, and encrypted passwords. In response, the Archive took immediate action, shutting down the source of the breach, scrubbing its systems, and upgrading security measures. However, by the following morning, the DDoS attacks resumed, taking both the Internet Archive and its sister platform, OpenLibrary, offline again.
In a public statement, Kahle emphasized that their primary focus is to protect users’ data, even at the cost of service availability. “Internet Archive is being cautious and prioritizing keeping data safe at the expense of service availability. We will share more as we know it,” Kahle stated.
The cyberattack has since been claimed by a hacker group going by the name SN_BLACKMETA. Researchers analyzing the group’s activities have noted a pattern in their targets and language. Despite operating largely in Russian, the group has carried out attacks on institutions in the Middle East, as well as other global targets. Their recent attacks appear to be driven by political motivations, with the group declaring the Internet Archive a target because of its association with the United States and its stance on the Israel-Palestine conflict. In one of their posts, the group said, “The archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide being carried out by the terrorist state of ‘Israel.’”
In a further twist to the incident, privacy expert Troy Hunt, who operates the HaveIBeenPwned (HIBP) data breach alert service, revealed that the hackers had reached out to him prior to the attack. They claimed to have stolen user information from the Internet Archive, and Hunt verified this, confirming that some of the data was legitimate. The hackers initially contacted Hunt on September 30, 2024, but it wasn’t until October 5 that he could thoroughly examine the files. Hunt promptly notified the Internet Archive and gave them a 72-hour window before adding the stolen data to HIBP, allowing users to check if their information had been compromised. However, the breach escalated into full-scale defacement and repeated DDoS attacks just as Hunt was loading the data into his platform.
“This isn’t a single attack,” Hunt explained. “The defacement, DDoS, and breach make it clear that multiple parties may be involved, and the timing seems coincidental but could indicate more complex coordination.” He urged all Internet Archive users to change their passwords as soon as the site is restored.
The consequences of this breach extend beyond just the Internet Archive. SN_BLACKMETA has been conducting a global campaign of cyberattacks, targeting high-profile institutions such as financial organizations in the Middle East, telecom companies, and even major tech firms like Microsoft and Yahoo. Their motivations are politically charged, with their latest actions aligning with criticism of Israel and its allies, as well as perceived injustices in regions like Sudan and the United Arab Emirates.
While the full scope of the breach’s impact is still being assessed, the incident has once again highlighted the vulnerability of nonprofit organizations like the Internet Archive. Despite its critical role in preserving the web’s history, it has become a target in the ongoing cyber conflict landscape.
In the meantime, the Archive’s community and users are left to wait, hoping that stronger security measures will prevent further attacks while recognizing the difficult balance between providing services and maintaining security.
As the cyber threats grow in sophistication, nonprofits like the Internet Archive must adapt to keep pace with attackers that have no boundaries.


I am thankful for you and those who work with you to block these incursions into our internet sites, whether personal or government.
Thank you all!
Thank you very much! You’re welcome. I hope you have a great day! 😎