Yesterday, Internet Archive’s “The Wayback Machine” suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records claimed by the pro-Palestinian hacktivist group Black Meta. Additionally, the internet archive suffered a DDoS attack today although it is not believed that the two attacks are connected. Here’s the details:
News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” reads a JavaScript alert shown on the compromised archive.org site.
The text “HIBP” refers to is the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.
Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql.” The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.
The most recent timestamp on the stolen records is September 28th, 2024, likely when the database was stolen.
Here’s some insights from Avishai Avivi, CISO, SafeBreach:
“The latest publicly disclosed breach of the Internet Archive, which could potentially disclose approximately 31 million usernames and passwords, has some cybersecurity veterans like myself scratching our grey beards and asking, “But why?” On the face of it, the Internet Archive doesn’t hold any money, nor does it collect any personal information. Other than nostalgia, there is very little motive for this. Except, there is a database with 31 million users and passwords.
It is unfortunate that despite repeated warnings and recommendations, people still reuse passwords across multiple sites and accounts. Also, despite numerous pleas, they do not activate multi-factor authentication where possible.
So, if you are a cyber-progressive end-user:
- You use a password manager and a randomly generated password for each site you visit.
- You don’t share passwords between different sites you visit.
- You use multi-factor authentication where possible, but certainly on the more sensitive accounts (Bank, Healthcare, etc.)
This breach doesn’t matter to you. At worst, go to Internet Archive site and change your password (if you had one). If you don’t follow one or more of the above, we recommend that you check all other sites where you may have possibly used the same username and password if you did have a user on the Internet Archive.”
This advice is good advice that everyone should follow. Because that would make you far less likely to be a victim of some sort of pwnage.
Related
This entry was posted on October 10, 2024 at 5:54 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
The Wayback Machine Has Been Pwned
Yesterday, Internet Archive’s “The Wayback Machine” suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records claimed by the pro-Palestinian hacktivist group Black Meta. Additionally, the internet archive suffered a DDoS attack today although it is not believed that the two attacks are connected. Here’s the details:
News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” reads a JavaScript alert shown on the compromised archive.org site.
The text “HIBP” refers to is the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.
Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql.” The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.
The most recent timestamp on the stolen records is September 28th, 2024, likely when the database was stolen.
Here’s some insights from Avishai Avivi, CISO, SafeBreach:
“The latest publicly disclosed breach of the Internet Archive, which could potentially disclose approximately 31 million usernames and passwords, has some cybersecurity veterans like myself scratching our grey beards and asking, “But why?” On the face of it, the Internet Archive doesn’t hold any money, nor does it collect any personal information. Other than nostalgia, there is very little motive for this. Except, there is a database with 31 million users and passwords.
It is unfortunate that despite repeated warnings and recommendations, people still reuse passwords across multiple sites and accounts. Also, despite numerous pleas, they do not activate multi-factor authentication where possible.
So, if you are a cyber-progressive end-user:
This breach doesn’t matter to you. At worst, go to Internet Archive site and change your password (if you had one). If you don’t follow one or more of the above, we recommend that you check all other sites where you may have possibly used the same username and password if you did have a user on the Internet Archive.”
This advice is good advice that everyone should follow. Because that would make you far less likely to be a victim of some sort of pwnage.
Share this:
Like this:
Related
This entry was posted on October 10, 2024 at 5:54 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.