f you visited the Internet Archive website (www.archive.org) on Wednesday afternoon, you probably saw a strange pop-up on the screen claiming that
the site had been hacked. The pop-up message exclaimed that the website had experienced “a catastrophic security breach” and later that day the founder Brewster Kahle confirmed the security breach.
In a post on social media platform X, he offered a public update that the data breach had exposed usernames, emails, and passwords and they are trying to upgrade the security as fast as possible.
“What we know: DDOS attack—fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it.”, he stated.
The pop-up had an unusual message that scared various users, who didn’t want their information to be publicly exposed after this data breach. The pop-up message mentioned that the Web Archive was suffering a catastrophic security breach just happened and almost 31 million users will see their information on HIBP.
HIBP (Have I Been Pwned?) represents a website where users can see if their data and personal information have been made public after cyberattacks. According to Bleeping Computer, the operator of HIBP received indeed, about 9 days ago before the actual data breach, an unknown file that included email addresses, screen names, passwords, and other personal data of 31 million users.
But in an X post, HIBP on their account affirmed that almost 54% of all accounts were in their database from past security breaches. In that post, he offered further details about the real timeline of the situation until the Internet Archive website was damaged after a DDoS attack.
DDoS attack represents a cyberattack that is specially designed to force a website, computer, or an online service to be offline. This attack manifests by flooding the targeted victim with too many requests that are consuming its capacity and eventually will become unable to respond to another user’s requests.
Subscribe to our newsletter
It’s important to mention that once the pop-up message was closed by users, the site seemed to load normally even though it ran a little bit slowly.
What we don’t know for sure is if the WayBack machine was experiencing a cyberattack too and if all of the information of users and readers of the Internet Wayback Machine was exposed in this data breach. We are waiting for further updates from the Internet Archive to provide a proper update on this.
By 5:30 PM, the pop-up had fully disappeared along with the rest of the site, leaving only a black page with a message that stated "Internet Archive services are temporarily offline," and directed users and readers to their X account for further updates.
It seems that an account on the X platform (SN_Blackmeta) declared that they initiated the attack and are planning another attack for tomorrow. The account has also posted about an alleged DDoS attack on Web Archive back in May.
Stay tuned for other updates on this cyberattack!
By
Eva Robinson
•
October 10, 2024 10:00 PM
.webp)
.webp)
