Data breach and DDOS attacks bring down Wayback Machine

Sunday, October 13, 2024 

On Wednesday, the Internet Archive suffered a data breach of 31 million user passwords and screen names, as well as a wave of distributed denial-of-service (DDOS) attacks, rendering the Wayback Machine inaccessible. It is currently unknown whether the two events are related, though current evidence suggests that the two were perpetrated by the same hacker or group of hackers.

Shortly preceding the shutdown, users visiting the Internet Archive were greeted by a JavaScript pop-up message that read: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!" Here, "HIBP" is an abbreviation for "Have I Been Pwned," a site that allows users to look up their emails to check if their credentials have been stolen or compromised.

As of Saturday, the Internet Archive and its associated Wayback Machine remain inaccessible to the public as Internet Archive staff continue their efforts to upgrade the security of the servers to prevent future security incidents. The Archive has been focused on providing its users with ""universal access to all knowledge" since its inception in 1996.

The Wayback Machine is the Internet Archive's most popular tool, allowing users to "look back" in time to see websites and webpages as they appeared at different points in time. Access to this digital library is currently expected to return within the next several days, though no specific timeframe is available. Hopefully, the Internet Archive will be back up soon!

A hacker group, who goes by the username SN_Blackmeta on X (formerly known as Twitter), appears to operate from Russia and has claimed responsibility for the attack. Like with most DDOS attacks, this attack is believed to be politically motivated. They have accused the United States government of supporting Israel, and the hackers have cited this as their motivation for the cyberattack.

The breach presumably occurred on September 28, as that is the latest date on a gigantic SQL file, measuring 6.4 gigabytes in size, containing the stolen user data. HIBP founder Troy Hunt received the file on September 30 but was unable to review it until October 5. Hunt notified the Internet Archive staff on October 6. The Internet Archive has responded accordingly and has fended off the recent DDOS attacks.

• Emma Roth. "The Internet Archive is still down but will return in ‘days, not weeks’" — The Verge, October 11, 2024
• Akash Pandey. "Internet Archive cyberattack: How details of 31M users got exposed" — News Bytes App, October 11, 2024
• Maddison Cholerton. "The Internet Archive Is Under ATTACK! - Data Breach, DDoS & Website Vandalism" — YouTube, October 11, 2024
• Davie Winder. "Internet History Hacked, Wayback Machine Down—31 Million Passwords Stolen" — Forbes, October 10, 2024
• Marie Boran. "Hackers Claim 'Catastrophic' Internet Archive Attack" — Newsweek, October 10, 2024
• Anna Washenko. "The Internet Archive taken down by DDOS attacks" — Engadget, October 9, 2024