On October 20, the Internet Archive, a non-profit organization striving to provide free digital media access to users, announced another security breach. The event marked the third data breach in a series of consecutive cyberattacks during the past month. As a result, the personal information of 31 million users was leaked and the platform became inaccessible to users, NPR reports.
The first DDoS (Distributed Denial of Service) attack took place on Memorial Day weekend in May 2024. The timing was likely planned because many Internet Archive employees were on vacation, which is a common strategy for hackers. When employees are on vacation, in some jurisdictions, it is illegal for companies to contact them. Thus, the Memorial Day weekend was an evident choice for hackers to penetrate the system, since fewer people would be available to restore the platform.
Most DDoS attacks from May were mitigated and controlled by the end of the month, but on October 9, another security breach occurred on a grander scale. When users tried to access the website, they received a JavaScript alert that read, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” according to 9to5Mac. HIBP is an acronym for “Have I Been Pwned?,” a security site that gathers information on security leaks and allows users to look up whether their personal information has been stolen. The database stolen by the hackers was 6.4 gigabytes and contained users’ email addresses, usernames, timestamps of when passwords were altered, and other crucial Internet Archive data.
During the recovery process, the Internet Archive neglected to change all previous credentials, allowing hackers to gain access to its system repeatedly. On October 20, users received a message from the hacker, who was impersonating the Internet Archive and expressed frustration at the Internet Archive’s inability to control the situation, as quoted by How-To Geek: “It’s dispiriting to see that even after being made aware of the breach weeks ago, Internet Archive has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets. Whether you were trying to ask a general question or requesting the removal of your site from the Wayback Machine, your data is now in the hands of some random guy. If not me, it’d be someone else.”
To clarify the message, GitLab is a platform “used by developers to manage and host code” and “during the first Internet Archive breach on October 9, one of the stolen tokens belonged to GitLab, giving hackers access to the Internet Archive’s development systems,” as explained by Forbes.
This message raises concerns for users because requests to delete past data from the platform often require users to submit personally identifying information, such as passports. Hence, if the hackers gain access to the email attachments, they have all the information needed to identify a specific individual.
While no one has publicly admitted to performing the breach, some speculate that the motive behind it is linked to the Internet Archive’s court case from September 2024 regarding copyright laws, BleepingComputer reports. Regardless of the motive, hackers were able to easily break into the Internet Archive’s system due to the unrotated access tokens. “These tokens, which act as digital keys, were supposed to have been secured after earlier warnings but remained exposed,” according to Forbes.
In the wake of the breach, people have been advocating on social media with the phrase, “I stand with @internetarchive.” Currently, public sentiment leans in favor of the Internet Archive and its mission. As the continuing breaches draw more attention, onlookers are left to wonder about the future of the Internet Archive in the coming weeks.