A recent cybersecurity breach has stolen 31 million passwords after a hacker compromised the Internet Archive’s Wayback Machine, which contained personal information from a user authentication database.
Bleeping Computer was the first outlet to report the news on Wednesday, stating that visitors to archive.org received a JavaScript alert created by the hacker, indicating that the Internet Archive had been compromised.
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” the Java Script alert read on the website, according to Forbes.
What does “HIBP” mean, and how does it relate to online security and data breaches?
The acronym “HIBP” stands for “Have I Been Pwned,” a data breach notification service created by Troy Hunt, the site’s founder. The platform enables users to enter their email addresses to check whether their information has been exposed to the public by hackers. However, according to Bleeping Computer, “threat actors” can also use this platform to share stolen data that can be added to the service.
Hunt told Bleeping Computer that the threat actor had shared a 6.4GB database with them in early October. According to him, it contained “authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.”
Additionally, he revealed that the database contains 31 million unique email addresses, many of which belong to users subscribed to the HIBP notification service. They will soon be able to use the platform to check if their data has been exposed in the recent attack.
When did the password breach occur?
The most recent timestamp in the database is Sept. 28, and Bleeping Computer reported this is likely when the breach occurred.
Forbes reported that Jason Meller, vice president of product at 1Password and former chief security strategist at Mandiant, explained that the threat actor successfully hacked into the database due to its easy access.
“Database has been exfiltrated, indicating that the back-end infrastructure was accessible, and their pages have been defaced, suggesting that the attackers have some degree of control over the web content served to users.” Meller further said that as the website has been repeatedly knocked offline, this would suggest that the attacker or attackers ”have gained dominance at the network layer,” he said in a statement obtained by the outlet.
Other cybersecurity experts noted that the personal information breached was linked to the stolen passwords, and they advised users to keep their passwords as “unique” as possible, per Forbes.
Internet Archive responds to the attack
Brewster Kahle, a digital librarian and group chair at the Internet Archive, shared an update Wednesday on X, formerly known as Twitter, confirming the latest breach in user passwords and information, per Forbes.
“What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it,” he tweeted.
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.
— Brewster Kahle (@brewster_kahle) October 10, 2024