In today’s context, where data security has become a major concern for companies and individuals alike, a DDoS attack on an unprecedented scale highlighted persistent web vulnerabilities. This digital offensive not only disrupted access to several online services, but also led to a massive leak of sensitive data.
As experts work to understand the extent of the damage caused, this incident raises crucial questions about the protection of personal information and the resilience of digital infrastructures in the face of growing threats. Find out how this attack could redefine cybersecurity priorities.
What happened with Internet Archive
On October 9, 2024, the Internet Archive, an organization dedicated to digital preservation, underwent a major cyberattack compromising around 31 million user accounts. Visitors to the site were greeted by an alarming message indicating a critical security flaw, confirmed by Troy Hunt of Have I Been Pwned (HIBP).
New breach: Internet Archive had 31M records breached last month including email address, screen name and bcrypt password hash. 54% were already in @haveibeenpwned. Read more: https://t.co/1d9Mxv97Ac
– Have I Been Pwned (@haveibeenpwned) October 9, 2024
The data presented included email addresses, usernames, hashed passwords with Bcrypt and other sensitive information. This breach immediately raised concerns about the potential risks to users, particularly in terms of identity theft. The technical team is working to contain the impact while working to restore trust and security on the site.
What were the immediate reactions and measures taken?
In response to the attack, Brewster Kahle promised to provide information as soon as it became available, while Jason Scott confirmed an ongoing DDoS attack.
Hey, when Internet Archive comes back, where’s the first section you run to? pic.twitter.com/RNnMJ9MKAJ
– Jason Scott (@textfiles) October 9, 2024
The Internet Archive’s technical team has mobilized to counter these attacks and repair the disfigurements caused by a JavaScript library compromised.
What we know: DDOS attack-fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.
– Brewster Kahle (@brewster_kahle) October 10, 2024
Despite their efforts, the site remained inaccessible for several hours, displaying a message indicating the temporary suspension of services. Those responsible have not yet been identified but the organization is working with the authorities to investigate the breach. At the same time, measures are being taken to reinforce security and gradually restore the site’s functionality.
Consequences of this attack and future prospects
The 31 million users’ data compromised exposes the Internet Archive to increased risks of identity theft and account usurpation, threatening its reputation. Cybersecurity experts stress the need for the organization to invest in robust security infrastructures and advanced monitoring systems.
Brewster Kahle and his team are committed to restoring the site while securing the remaining data. They recommend that users change their passwords and adopt multi-factor authentication. Regular site status updates are planned, aimed at restoring user confidence and ensuring enhanced protection against future cyber threats.
Latest update (5:36am, Oct 10) ⬇️ https://t.co/a8FiM0Z3fN
– Internet Archive (@internetarchive) October 10, 2024
