The Internet Archive, a non-profit digital library known for its Wayback Machine, has fallen victim to a significant data breach and a series of distributed denial-of-service (DDoS) attacks. This double blow has raised serious concerns about the security and stability of one of the web's most valuable resources.
Massive Data Breach Exposes Millions of User Accounts
According to security researcher Troy Hunt, the data breach has compromised information related to over 31 million email accounts. The exposed data includes email addresses, screen names, password change timestamps, and Bcrypt-hashed passwords. This breach represents a severe security incident for the Internet Archive and its users.
DDoS Attacks Disrupt Service
Compounding the data breach, the Internet Archive has also been subjected to multiple DDoS attacks. These attacks have caused service disruptions and temporary unavailability of the platform. Jason Scott, an archivist at the Internet Archive, reported that the attacks appeared to be carried out just because they can with no clear demands or motivations stated by the attackers.
Response and Security Upgrades
Internet Archive founder Brewster Kahle confirmed the breach and outlined initial steps taken to address the situation:
- Disabling the compromised JavaScript library
- Scrubbing systems
- Upgrading security measures
The organization is working to enhance its defenses against future attacks and improve the security of user credentials.
Ongoing Threats and Legal Challenges
A group identifying itself as Blackmeta has claimed responsibility for the DDoS attacks and threatened further disruptions. This comes at a challenging time for the Internet Archive, which is also facing legal battles related to copyright issues surrounding its digital lending practices.
As the situation develops, users of the Internet Archive are advised to change their passwords and remain vigilant for any suspicious activity related to their accounts. The incident serves as a stark reminder of the ongoing security challenges faced by even well-established and crucial internet institutions.