The Internet Archive website has recorded a distributed denial of service (DDoS) attack that has resulted in the leak of a user authentication database containing 31 million unique records or user accounts.
Internet Archive is a non-profit digital library created in San Francisco, United States, in 1996. It contains “millions of texts, films, software, music and web pages” and can be accessed for free. It also offers the Wayback Machine, a tool for accessing websites that have disappeared.
On Wednesday afternoon, users of www.archive.org noticed that the site was presenting a JavaScript (JS) pop-up notification indicating that it had suffered a security breach.
“Have you ever felt like the Internet Archive is standing on a limb and constantly on the brink of a catastrophic security breach? It just happened. Look at 31 million HIBP users!”, as reported by media like The Verge.
The acronym HIBP stands for Have I Been Pwned?, a website where users can enter their email address manually to check against its database whether any of their associated Internet accounts has been the victim of a security breach. It reports what data was exposed and when the breach occurred.
The creator of this website, Troy Hunt, told Bleeping Computer that the threat actor had shared a 6.4 GB SQL file named ‘ia_users.sql’ with him a few days before this alert was published. The file contained a database with authentication information for registered members, including their email addresses, usernames, Bcrypt-hashed passwords, and other data.
The cybersecurity researcher has confirmed that there are 31 million email addresses in this database and that many of them are subscribers to the HIBP vulnerability notification service. He has also indicated that all these addresses will be added “shortly” to the website so that all affected users can confirm whether their data has been exposed in this leak.
Likewise, Hunt said he had verified that the data leaked by the malicious actor was real after contacting some of the users listed in this database. These included cybersecurity researcher Scott Helme, who confirmed that the Bcrypt-hashed password recorded in the leak matched the one stored in his credentials manager.
Hunt therefore contacted the Internet Archive on October 6 to notify them of what happened and confirmed to Bleeping Computer that he would upload the addresses of the compromised accounts to Have I Been Pwned? within 72 hours, although there has been no response from the digital library. For now, it is unknown how the cybercriminals acted and interrupted the service, and whether they stole other data.
For his part, the founder of Internet Archive, Brewster Kahle, has not made reference to the allegedly compromised accounts, although he did confirm on Tuesday through his X account that the website had suffered a DDoS attack, in which malicious actors direct a large volume of traffic at a site until they saturate its capacity and leave the attacked page without service.
On Wednesday, Kahle noted that this attack had recurred and that they were working to restore service. After stating that the attack had been “repelled”, he said it had resulted in the defacement of the website through the JavaScript library and the leak of usernames, email addresses and passwords.
Based on this information and to neutralize this malicious campaign, the organization has chosen to disable the JS library, clean its systems and roll out security updates, as its founder indicated on X.
The hacktivist group BlackMeta, also known as DarkMeta, has claimed responsibility for the attack and has indicated that it has been launching “several highly successful attacks” for hours, thanks to which it has managed to take down “all of its systems.”
Kahle recently confirmed this outage and apologized for the downtime of archive.org and openlibrary.org, which are currently offline. However, he has not named BlackMeta as the author of the attack. “Internet Archive is being cautious and prioritizing data security at the expense of service availability,” he noted.
It is worth remembering that this digital library and its Wayback Machine tool were already victims of another DDoS attack with “tens of thousands of requests for false information” for days, which resulted in several interruptions to its service, although the archive collections were not affected.