Internet Archive hacked, data breach impacts 31 million users

The Internet Archive briefly displayed a pop-up on Wednesday claiming the site had been hacked. By 5:30 PM ET, the pop-up disappeared, but the site went fully offline with a message stating, “Internet Archive services are temporarily offline.”

The pop-up warned about a potential security breach, where 31 million users' data would eventually appear on Have I Been Pwned?, a service checking data leaks, which later confirmed the authenticity of the breach.

Archivist Jason Scott indicated the site was experiencing a DDoS attack, stating it was done "just because they can." An account named SN_Blackmeta claimed responsibility and hinted at future attacks.

Troy Hunt, a security expert known for managing the Have I Been Pwned (HIBP) data breach notification service, reported that a threat actor shared the Internet Archive's authentication database nine days ago. The 6.4GB SQL file, "ia_users.sql," contains data of registered users, including email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal information.

The database holds 31 million unique email addresses, many linked to the HIBP service. Hunt confirmed the data's authenticity by contacting affected users, including cybersecurity researcher Scott Helme. Despite notifying the Internet Archive three days ago, Hunt has received no response. The data will soon be added to HIBP for breach verification.