Internet History Hacked, Wayback Machine Down—31 Million Passwords Stolen
Davey Winder
Senior Contributor
Davey Winder is a veteran cybersecurity writer, hacker and analyst.
Oct 10, 2024, 04:58am EDT
Updated Oct 11, 2024, 06:57am EDT
Story updated Oct. 11 with additional expert comment regarding the DDoS attack on the Wayback Machine and the security resources that have helped limit the damage.

Hackers have compromised the Internet’s past, the Internet Archive’s Wayback Machine, stealing 31 million passwords and launching a massive Distributed Denial of Service attack in the process. It is unclear if the two security incidents, the compromise of the Internet Archive’s authentication database containing registered member details, including hashed passwords, and the denial of service attack, are related. However, the evidence does seem to be pointing in the direction of this being a targeted attack by the same threat actor.

What We Know About The Internet Archive Hack
The first clue that something was wrong came from the service itself, with the display of a JavaScript alert popup for visitors to the archive.org site which read:

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"

Troy Hunt, the founder of the Have I Been Pwned data breach notification service referenced in the hacker’s note, told Bleeping Computer, the first to report on the news, that the threat actor had shared a 6.4GB database with them some days ago. This authentication database, which appears to be genuine and from the Internet Archive, contained “authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data,” Hunt told Bleeping Computer founder and editor Lawrence Abrams.

The last timestamp in that database gives a clue as to when the breach occurred, September 18. According to Hunt, there are 31 million records in the database which will be added to the HIBP service soon so as to enable people to see if their data has been exposed by this attack.

Based on the publicly available evidence so far, Jason Meller, vice president of product at 1Password, and a former chief security strategist at Mandiant, said that the Internet Archive “database has been exfiltrated, indicating that the back-end infrastructure was accessible, and their pages have been defaced, suggesting that the attackers have some degree of control over the web content served to users.” Meller further said that as the website has been repeatedly knocked offline, this would suggest that the attacker or attackers “have gained dominance at the network layer.”

The Internet Archive may not be the biggest or best-resourced organization. But, as Adam Brown, managing security consultant at Black Duck, said, it has employed security practices that helped limit the blast radius of this attack. “Using Bcrypt, if implemented correctly, will prevent the extraction of passwords,” Brown said, “while hashes can be looked up if common passwords are used, if the hash is salted, as it is with Bcrypt, this largely prevents the use of hash look-up tables.” Although it remains unclear how the authorization SQL database was stolen in the first place, “we can assume there is likely lacking or misconfigured security controls around access to it,” Brown said.

Hacking Internet History
“Hacking the past is usually technically impossible but this data breach is the closest we may ever come to it,” Jake Moore, global cybersecurity advisor with ESET, said, “the stolen dataset includes personal information but at least the stolen passwords are encrypted.”

Moore warns that even encrypted passwords can be cross-referenced against previous uses of the same password, so “it’s a good reminder to make sure all your passwords are unique.”
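
The points Brown and Moore make above about salting and password reuse, shown as an added example that is not part of the original article. It uses PBKDF2 from Python's standard library as a stand-in for Bcrypt, and the accounts and guess list are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two users share a common password.
ACCOUNTS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T7#qv!mZ2p-Lw9"}
COMMON = ["123456", "password", "sunshine1", "qwerty"]  # constructed guess list
ROUNDS = 50_000  # kept low so the demo runs quickly; stands in for Bcrypt's cost factor


def unsalted(password: str) -> str:
    """Fast, unsalted digest: the same password always gives the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted(password: str, salt: bytes) -> str:
    """Salted, deliberately slow hash (PBKDF2 here, standing in for Bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS).hex()


def build_tables():
    """Store each account both ways, as a credential database might hold them."""
    plain = {u: unsalted(p) for u, p in ACCOUNTS.items()}
    strong = {}
    for user, pw in ACCOUNTS.items():
        salt = os.urandom(16)  # unique random salt per account
        strong[user] = (salt, salted(pw, salt))
    return plain, strong


def lookup_table_hits(plain: dict) -> set:
    """One precomputed table resolves every unsalted hash of a common password."""
    table = {unsalted(p): p for p in COMMON}
    return {u for u, h in plain.items() if h in table}


def per_account_hits(strong: dict) -> tuple:
    """With salts no table is shared: every guess is recomputed per account."""
    hits, work = set(), 0
    for user, (salt, stored) in strong.items():
        for guess in COMMON:
            work += 1
            if hmac.compare_digest(salted(guess, salt), stored):
                hits.add(user)
                break
    return hits, work
```

Salting hides the fact that two accounts share a password and removes the shared look-up table, but a common password still falls to per-account guessing, which is why unique, uncommon passwords matter even when the database is hashed well.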

Brewster Kahle, a digital librarian and group chair at the Internet Archive, posted a statement on X that said:

“What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it.”

“Distributed Denial-of-Service attacks often suggest political motives, and the attack on The Internet Archive is no exception,” Donny Chong, a director at Nexusguard, said, “While the identity behind the data breach exposing 31 million users remains unclear, the pro-Palestinian hacktivist group Black Meta has claimed responsibility for the DDoS attacks that took down The Internet Archive.”



This is a developing story and will be updated as more information is forthcoming.