Internet Archive suffers ‘catastrophic’ breach affecting 31 million users

Lawrence Abrams of BleepingComputer: Internet Archive’s “The Wayback Machine” suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org saw a JavaScript alert created by the hacker stating that the Internet Archive had been breached.

“Ever get the feeling that the Internet Archive is running on sticks and perpetually on the brink of a catastrophic security breach? It just happened. See 31 million of you on HIBP!” reads a JavaScript warning displayed on the compromised archive.org site. The text “HIBP” refers to is the Have I Been Pwned data breach notification service, created by Troy Hunt, through which threat actors commonly share stolen data to be added to the service.

Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and that it is a 6.4 GB SQL file called “ia_users.sql.” The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt hashed passwords, and other internal data. Hunt says there are 31 million unique email addresses in the database, many of which have subscribed to HIBP’s data breach notification service. The data will be added to HIBP soon so users can enter their email address and confirm whether their data was exposed in this breach.