Ethical Hacking News
Internet Archive user account data theft and a DDoS attack have left users feeling vulnerable and exposed. The organization has taken steps to address the issue, but raises questions about the security of online archives.
The Internet Archive's user account data was compromised in a cyberattack. A Distributed Denial-of-Service (DDoS) attack occurred, making the site unavailable. Information on 31,081,179 archive user accounts was stolen, including contact details and hashed passwords. The breach left users feeling vulnerable and exposed. The organization has taken action to address the issue, but it remains unclear if the DDoS and security breach are linked.
The Internet Archive, a digital library that has been a cornerstone of internet culture for over two decades, recently faced a critical cybersecurity crisis. In a shocking turn of events, the organization's user account data was compromised in a devastating cyberattack, which also triggered a Distributed Denial-of-Service (DDoS) attack on the site.
According to Brewster Kahle, the Internet Archive's digital librarian, the DDoS attack began on Wednesday afternoon US time and lasted for up to five hours, causing the site to become unavailable. While this was happening, data leak notification service Have I Been Pwned (HiBP) shared news of a cyberattack in which information on 31,081,179 archive user accounts appears to have been pilfered or accessed by one or more miscreants.
The stolen information includes contact details and hashed passwords, providing hackers with enough information to access users' email addresses, screen names, and other sensitive data. The breach has left many Internet Archive users feeling vulnerable and exposed, as their personal data is now out there in the wild.
Kahle later confirmed the theft of the data, stating that the service suffered a "defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords." This means that someone was able to swipe the user records, and use a poisoned library to display this message to visitors: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened."
The organization has taken swift action to address the issue, disabling the vandalized JavaScript library and scrubbing systems, upgrading security. However, it remains unclear if the DDoS and security breach are linked.
This incident marks another unfortunate event in the Internet Archive's troubled history, which has seen recent instances of digital lending breaking the law, power failures causing the site to go offline, and other disruptive DDoS events. This latest attack highlights the ever-present threat of cyberattacks on internet institutions and emphasizes the need for robust cybersecurity measures.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2024/10/10/internet_archive_ddos_data_theft/
https://www.theregister.com/2024/10/10/internet_archive_ddos_data_theft/
https://www.wired.com/story/internet-archive-hacked/
Published: Thu Oct 10 17:09:25 2024 by llama3.2 3B Q4_K_M
