Internet Archive: Security breach alert

1091 points by ewenjo, 8 months ago

84 comments

Springtime, 8 months ago
Just in terms of privacy, it's worth noting that anyone who has uploaded something on IA already has their email address publicly viewable.

This isn't something that's commonly known (even judging by comments here) but in the publicly viewable metadata of every upload it contains the uploader's IA account email address. So from a security perspective it's bad but from a privacy perspective a lot of users probably weren't aware of this detail if they've uploaded anything.

999900000999, 8 months ago
I pulled an old friend's website down from Internet Archive.

He's moved on to the next stage, but I was glad I was able to put his site back up.

It'll be a shame if IA goes down permanently, but we need a decentralized solution anyway.

Having a single mega organization in charge of our collective heritage isn't a good idea.

steffanA, 8 months ago
More details here about the data breach. Stolen database contains 31 million records.

https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/

ewenjo, 8 months ago
Just noticed the site now alerts this:

> Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!

EKSolutions, 8 months ago
It looks like someone has compromised one of their subdomains for Polyfill.

Update: Subdomain seems to be returning normal responses again now.

EasyMark, 8 months ago
One of those instances when you really wish curses worked on whoever was pulling this stunt: “may you and your descendants suffer the bites of 10000 fleas for 10000 nights as punishment for your misdeeds”

PenguinRevolver, 8 months ago
Probably not the best time to say this, but it's surprisingly easy to go through a collection with items and grab every email along with the usernames.

https://archive.org/metadata/naturally_a_girl/metadata

One way or another, there was going to be someone who would take loads of emails with a username attached to it. A bit intrigued by how the hacker compromised the database and got the passwords.

Nathans220, 8 months ago
Why go for the Internet Archive? Go for something else, not the fucking archive!

pityJuke, 8 months ago
This thread is looking like it'll be one of the first places this incident will be documented (seems to be on the top of Google).

Already there are two new users just for this.

iamtedd, 8 months ago
I have had an IA account for a number of years, with a gmail address. Nine months ago, I changed the email address to a masked address using my own domain. Now I find that my gmail address was still stored, and was involved in the breach. Why? I get that they might store change history, but why?

BTW, for the current account details, I changed the password to another random string generated by my password manager, and also deleted the masked email address and generated another one, so going forward this sort of thing isn't that much of an issue for me.

marviel, 8 months ago
https://www.reddit.com/r/DataHoarder/comments/h02jl4/lets_say_you_wanted_to_back_up_the_internet/

I found this reddit thread from /r/DataHoarder about backing up the internet archive particularly interesting, given the circumstances.

Aachen, 8 months ago
A few minutes ago (22:48 UTC), I got three emails from HIBP about accounts of mine breached on the Internet Archive. Troy is quick! And I'm surprised the author of that alert() actually had the data as well as followed through.

Bit of a shame the emails contain an ad for a password manager, saying there's two easy steps to become more secure: Step 1: use our password manager (fair enough), "Step 2: Enable 2 factor authentication and store the codes inside your [password manager]" ehh now it's back to 1 factor or am I missing something?

Edit: according to https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/ (via https://news.ycombinator.com/item?id=41793669), Troy Hunt / HIBP already received and verified this "three days ago" as of yesterday 6pm AoE.

EasyMark, 8 months ago
They use bcrypt and I always use a really long password so I’m not gonna freak out over this one for once.

tkgally, 8 months ago
As of 01:09 GMT on October 10, the Internet Archive is back up.

In fact, the Wayback Machine and the book archives are responding more quickly than they did for me a week ago, when I showed the Archive to the students in an online class I teach. I gave the students a homework assignment that involves accessing some old books at the Archive. That assignment is due in about 12 hours, and I was just getting ready to e-mail the students about the outage when I saw that the site is working again.

lordfrito, 8 months ago
Confused about this breach... I received a notification from HIBP about this hack, but I don't recall ever creating an account on archive.org (was creating an account there even a thing?).

What info does archive.org have on people? Is this info scraped from other websites and stored in the archive.org database? Or is this info related to personal archive.org accounts (as I said I don't recall making an account)?

AdmiralAsshat, 8 months ago
Well this should be fun.

Now I'll have to dig through my IA account and remember if I donated to them directly via credit card (and if they stored it), or if it was through PayPal.

pentagrama, 8 months ago
The reported alert on the site states:

> Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!

But is this an official message from the company? It sounds odd and unprofessional, especially the "See 31 million of you on HIBP!" part, which jokingly refers to a huge privacy issue for users. Could it also be that the site was hacked, with hackers posting that message in addition to the data breach and DDoS attack?

Uptrenda, 8 months ago
The funny thing is the internet archive is more connected to hacker culture than cracking a website will ever be. I hate posers more than anything. Hopefully the internet archive comes back stronger than ever.

Mr-Hyde, 8 months ago
https://x.com/Sn_darkmeta/status/1844080692772401399?t=j3xDzkZ_H8FWA3f2TtXx1w&s=19

Annoying

driver8_, 8 months ago
That sucks, I was reading my email in the morn and saw the news from haveibeenpwned.com, and I'm indeed affected by it.

Consolation is that I used a randomly generated unique password, tried to reset my credentials and see if any 2FA options but the site is overloaded throwing 504s.

Aachen, 8 months ago
Should we be linking to the site that is very likely to be breached? Could start to host any type of malware until the access can be definitively revoked.

RGamma, 8 months ago
Let's hope it was someone dumb enough to be extraditable.

odo1242, 8 months ago
Fun fact: this is the first time using a password manager (Bitwarden) protected me from a security breach! Now I only have to update my archive.org password instead of all of them lol

adfm, 8 months ago
They're hiring, if you're looking for a job.

https://www.indeed.com/viewjob?jk=3bb8222ccd9a88ea

bawolff, 8 months ago
Reporting on security issues is always so terrible. Is it a data breach or is it a DDoS? (Or both). Those are opposite things. One is trying to release secret information, one is trying to make the site inaccessible.

meindnoch, 8 months ago
How much of the archive is affected? Could be a targeted effort to tamper with historical records.

jl6, 8 months ago
Does the IA publish hashes of its data to a 3rd party, so we could (in principle) verify that nothing has been tampered with?

markus_zhang, 8 months ago
Wouldn't be surprised if the service was purchased by some publishing empires. This kind of thing usually costs some $$$.

xyst, 8 months ago
One of the many benefits of owning my own email server:

- I have a catch all setup to forward all emails to specific user on mail server
- able to setup adhoc email addresses for each online service (ie, iarch@example.com)
- able to claim example.com in haveibeenpwned

Now I get breach emails from hibp for the whole domain. Unfortunately, I was exposed in this IA breach.

account42, 8 months ago
Good. Maybe this will get them to reconsider their website changes that make the IA unusable without javascript.

honeybadger1, 8 months ago
Let's attack one of the bastions of information freedom...in the name of Palestine, sigh. Ass-hat hackers.

xproot, 8 months ago
I've made a timeline of events: https://gist.github.com/xproot/b574dc868a9db012bbe07252a1f7f2d5

Fun fact! Troy actually got this database back on Sep. 30th.

tomrod, 8 months ago
That's a shame.

We need not one but many internet archives. Just one and we will repeat the outcome of the Library of Alexandria.

19h00, 8 months ago
They reported a DDOS attack yesterday, wonder if this is their alert as they manage the fallout?

n3uman, 8 months ago
https://blog.archive.org/2021/02/04/thank-you-ubuntu-and-linux-communities/ "The Internet Archive is wholly dependent on Ubuntu and the Linux communities that create a reliable, free (as in beer), free (as in speech), rapidly evolving operating system. It is hard to overestimate how important that is to creating services such as the Internet Archive." Maybe CUPS?

Wowfunhappy, 8 months ago
Archive.org is now down. Could anyone explain what it used to show?

1024core, 8 months ago
Why should an Archive need accounts anyways? This is like a public library: you don't need to authenticate yourself to enter a public library, do you?

nioj, 8 months ago
Related submission: https://news.ycombinator.com/item?id=41792614

msephton, 8 months ago
I just got a Discord "breaking news" notification about this from a server I am in, said it may not show on Have I Been Pwned as it is so new.

crispair, 8 months ago
I wonder how they got access to their database? I read in this thread that they likely used a supply chain attack by replacing some polyfill scripts. So they could've injected malicious code (XSS) that logged email and password to a remote server which they could have gone through. With a bit of luck they could've gotten access to an admin account or whatever…

Nathans220, 8 months ago
Strange, I just received this message when going to the archive.org website. I thought I might have misspelled the URL.

alkonaut, 8 months ago
Does IA have much information on users? I’ve been in dozens of these HIBP leaks (including this one) but still none have concerned me, since they were mostly just email/password and nothing else.

Does IA store anything sensitive for any users? Physical addresses, credit cards, etc?

pastureofplenty, 8 months ago
Maybe this will make Google reconsider relying on them for cached versions of webpages.

1970-01-01, 8 months ago
Archive.org is completely down

pmontra, 8 months ago
Does anybody know the details of the attack via the JS library? Was that the exploit of a bug that could affect every site or a chain of supply attack targeted at the Internet Archive?

meow_catrix, 8 months ago
Bet it’s just a stored XSS alert from a poisoned cache.

bn-l, 8 months ago
The recent news on IA has made me worried about it. It seems to be a fragile thing and if it goes it'll be something we'll all regret.

Nathans220, 8 months ago
After this error, 504 Gateway Time-out. Now 503 Service Unavailable: No server is available to handle this request. Not looking good.

silexia, 8 months ago
Why does this link to the verge (garbage clickbait site) and not to the original source of the internet archive?

Apocryphon, 8 months ago
Hachette Book Group or Hack-it Boot Group?

midnight_shaman, 8 months ago
I hope it will be back again soon

godshatter, 8 months ago
The conspiracy theorist in me wonders what was accidentally copied into the archive that powerful interests want removed and if this is all smoke and mirrors while they make that happen.

carloslfu, 8 months ago
"You are all cooked" vibes from that message hahaha

Levitating, 8 months ago
I just received my haveibeenpwned.com email...

sirolimus, 8 months ago
Truly unnecessary

max_, 8 months ago
Is Internet Archive the same as Archive.is?

el_jay, 8 months ago
And only weeks before a US election.

tap-snap-or-nap, 8 months ago
Any information on SN_Blackmeta?

excalibur, 8 months ago
The overall state of cybersecurity in 2024 depends to an astonishing degree on Troy Hunt's schedule.

anigbrowl, 8 months ago
They have a Telegram channel and there's some blurb about it being pushback on US support of Israel, but it reads as bullshit. Probably a script kiddie.

themingus, 8 months ago
I was disappointed to discover that https://haveibeenpwned.com does not report an email as pwned if it is subaddressed/plus addressed. myemail@gmail.com is reported as still safe, but myemail+archive@gmail.com is pwned. I wonder if my email has been leaked by any other websites without me knowing.

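The exact-match behaviour described in the comment above, as an added example that is not part of the comment and not HIBP's code: a lookup keyed on the literal address string misses subaddressed variants, so every address you actually handed out has to be checked on its own. The function names and both sample lists are hypothetical and constructed for illustration, and the "+tag" convention is assumed to work as it does on Gmail.

```python
# Added example: sample data below is constructed, not taken from any breach.

def split_subaddress(address):
    """Split 'local+tag@domain' into (mailbox, tag); tag is None without a '+'.

    Assumption: the provider treats everything after the first '+' in the
    local part as a subaddress tag and ignores case (Gmail does both).
    """
    local, at, domain = address.strip().rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    base, plus, tag = local.partition("+")
    if not base:
        raise ValueError(f"empty mailbox name: {address!r}")
    return f"{base}@{domain}".lower(), (tag if plus else None)


def exact_match(breached, address):
    """Model of a lookup keyed on the literal address string."""
    return address.strip().lower() in {a.strip().lower() for a in breached}


def addresses_to_check(used_addresses, mailbox):
    """List every distinct address you have handed out that lands in `mailbox`.

    Each one needs its own lookup, because an exact-match service treats
    them as unrelated strings.
    """
    target, _ = split_subaddress(mailbox)
    variants = set()
    for addr in used_addresses:
        try:
            base, _tag = split_subaddress(addr)
        except ValueError:
            continue  # skip usernames and other non-email logins
        if base == target:
            variants.add(addr.strip().lower())
    return sorted(variants)


# Constructed stand-ins: a breach's address list and a password-manager export.
BREACHED = ["myemail+archive@gmail.com", "someone@example.org"]
VAULT_LOGINS = [
    "myemail@gmail.com",
    "MyEmail+archive@gmail.com",
    "myemail+shop@gmail.com",
    "other+archive@gmail.com",
    "forum_username",
]

if __name__ == "__main__":
    print("bare address found:", exact_match(BREACHED, "myemail@gmail.com"))
    for addr in addresses_to_check(VAULT_LOGINS, "myemail@gmail.com"):
        status = "breached" if exact_match(BREACHED, addr) else "not found"
        print(addr, "->", status)
```
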
firen777, 8 months ago
Considering the hacker's motive: https://x.com/Sn_darkmeta/status/1844358501952618976

Is it safe to assume the hacker wants to erase the evidence?

Forcing the service offline also means they want to prevent people from archiving evidence in the next how-ever-long hours. Combining with the spoken language they used in that video, are they planning some online disinformation campaign?

----

Edit: some more info about this group: https://old.reddit.com/r/technology/comments/1g0kupb/hacktivists_claim_responsibility_for_taking_down/lr9kbmo/

----

This group claims to be pro palestinian and it's entirely based in Russia.

https://therecord.media/middle-east-financial-institution-6-day-ddos-attack

> SN_BLACKMETA has operated its Telegram channel since November 2023, boasting of DDoS incidents and cyberattacks on infrastructure in Israel, the Palestinian Territories and elsewhere. While all of the group’s messages focus on the Palestinian Territories and perceived opponents to Palestine, many of its posts are written in Russian.

> The group’s account on X also shows that it was created by someone in Staraya, a town in Novgorod Oblast, Russia. The account’s initial language was also set to Russian.

> The researchers added that analysis of timestamps and activity patterns showed possible evidence that the actors within the group are operating in a timezone “close to Moscow Standard Time (MSK, UTC+3) or other Middle Eastern or Eastern European time zones (UTC+2 to UTC+4).”

~~Attacks include pro palestine sites and groups, so~~ take that "pro palestine" with a grain of salt.

EDIT: edited for clarity on what is actually in the article and not in outside anonymous sources. If you want to read more, there's a clearer report on one of their attacks and their usual targets (https://www.radware.com/security/threat-advisories-and-attack-reports/six-day-web-ddos-attack-campaign/).

anon115, 8 months ago
I wouldn't be surprised if it has something to do with Israel

Krasnol, 8 months ago
This is why humanity can't have nice things.

worstspotgain, 8 months ago
In unrelated news, apparently most world leaders in the Internet era, from Thatcher to GHWB to Mitterrand to Rabin, expressed great admiration for Vladimir Putin.

Ekaros, 8 months ago
So now the data also has off-site third-party archive. Isn't this along the goals of organization? It is less likely now to be destroyed in many eventualities.

lloydatkinson, 8 months ago
Deeply disappointing. The only reason I have an IA account is to upload correct book covers to obviously wrong or poor quality books on the Library.

joshchernoff, 8 months ago
What an asshole, honestly this is a good public service they offer.

haha112, 8 months ago
Damn I get the notice too

EchoReflection, 8 months ago
shouldn't info about this breach be ON the IA landing page??

haha112, 8 months ago
Where to see dump data?

Nurbek-F, 8 months ago
solution: MFA

dt3ft, 8 months ago
Imagine if we could get rid of passwords. Entirely. Forever.

indus, 8 months ago
I mistakenly read HIBP as Half Price Books..wait what?

mendym, 8 months ago
Now it shows a 'Temporarily Offline' message

haha112, 8 months ago
I saw it too

phplovesong, 8 months ago
WHY would you attack IA? What's the point?

testfrequency, 8 months ago
I’m feeling extremely conflicted on all of this with IA right now.

On one hand, I love IA

On the other hand…I’m in a long thread with their support right now on removing old snapshots of a social media account I have. Creeps are actively using the old snapshots to dox me and send me death threats using my PII.

It’s incredibly frustrating and IA keeps insisting they cannot do anything about it.

A small part of me hoped IA didn’t recover from today because I knew my info would be finally deleted :/

kleiba, 8 months ago
What kind of asshole attacks the *Internet Archive* of all places on the web??

wasabinator, 8 months ago
Some people on this planet add such negative value. What does this clown hope to gain, apart from costing us all an incredibly useful shared resource?

ErikAugust, 8 months ago
“According to their twitter, they’re doing it just to do it. Just because they can. No statement, no idea, no demands.”

A special place in Hell…

mynameyeff, 8 months ago
huh i thought everyone already knew this

muppetman, 8 months ago
Great. Bunch of pricks. Refuse to remove any of my data they scraped.

msephton, 8 months ago
They seem to roll out the we're being DDOS'd every time there's some other thing happening.