{"id":132571,"date":"2024-10-14T14:39:53","date_gmt":"2024-10-14T18:39:53","guid":{"rendered":"https:\/\/rbach.net\/?p=132571"},"modified":"2024-10-21T09:35:09","modified_gmt":"2024-10-21T13:35:09","slug":"data-breach-hits-internet-archive-users","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/data-breach-hits-internet-archive-users\/","title":{"rendered":"Data Breach Hits Internet Archive Users"},"content":{"rendered":"\r\n

Updated<\/strong>\u201410\/21\/2024\u2014The Verge<\/a><\/em> reports<\/a> that the Internet Archive is under the influence of attackers.\u00a0 Despite being back online in Read Only mode, it seems the attackers control the IA help desk.\u00a0 According to reports, the attackers have a Zendesk token<\/a> and can intercept\u00a0tickets.<\/p>\r\n

—<\/p>\r\n

Updated<\/strong> – 10\/16\/2024 – TechRadar<\/a><\/em> reports that the attack used two attack vectors<\/strong>: TCP reset floods and HTTPS application layer attacks.\u00a0 The TCP flood<\/strong> will flood a victim with vast numbers of Transmission Control Protocol (TCP) reset packets, which trick a computer into terminating its connection with others in its network.\u00a0 An HTTPS application layer attack<\/strong> will typically aim to overwhelm servers by targeting the application layer to disrupt the normal traffic flow, rendering regular services unavailable.<\/p>\r\n

—<\/p>\r\n

\"Data<\/a>The non-profit Internet Archive<\/a><\/strong> has been offline<\/strong> since Tuesday (10\/09\/2024).\u00a0 Founded in 1996, the Internet Archive digital library provides “universal access to all knowledge.” Through the Wayback Machine<\/a>, it preserves billions of webpages<\/strong>, texts, audio recordings, videos, and software applications.<\/p>\r\n

Internet Archive founder Brewster Kahle<\/a> posted on X (formerly Twitter) that the site was under a DDoS attack<\/a><\/strong>.<\/p>\r\n

\"Internet<\/a><\/p>\r\n

Later on Tuesday, the attack evolved.\u00a0 The site started displaying a hacker pop-up notification.\u00a0 After closing the message, the site loaded typically but very slowly.\u00a0 The pop-up said:<\/p>\r\n

\"JavaScript<\/a><\/p>\r\n

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach?\u00a0 It just happened.\u00a0 See 31 million of you on HIBP!”<\/p>\r\n


HIBP refers to Have I Been Pwned?<\/a><\/strong>, a website where people can check to see if their information has leaked from cyber attacks.<\/p>\r\n

Finally, the pop-up was gone, along with the rest of the site, leaving only a placeholder message saying:<\/p>\r\n

“Internet Archive services are temporarily offline.”<\/p>\r\n

Stolen Internet Archive data<\/h3>\r\n

\"Stolen<\/a>On September 28, 2024, attackers stole the site’s user authentication database<\/strong> with 31 million unique records.\u00a0 Bleeping Computer<\/u><\/a><\/em> confirmed that Have I Been Pwned<\/em> had received an “ia_users.sql” database file containing authentication information for registered members<\/strong>, including their email\u00a0addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.<\/p>\r\n

Who is responsible<\/h3>\r\n

\"Who<\/a>The hacktivist<\/strong> group SN_BlackMeta<\/strong>, which emerged in November 2023, claimed responsibility for the DDoS attack.\u00a0 Cybersecurity firm Radware connected<\/a> SN_BlackMeta to a pro-Palestinian<\/strong> hacktivist movement that utilizes DDoS-for-hire services<\/a> like InfraShutdown<\/a>.\u00a0 SN_BlackMeta has launched other cyberattacks, including a record-breaking DDoS attack against a Middle Eastern financial institution.<\/p>\r\n

It’s unclear if they are involved in the Internet Archive data breach.\u00a0 The group said<\/u><\/a> that it carried out the DDoS attack because the United States supports Israel<\/strong> and that the Internet Archive “belongs to the USA.”<\/p>\r\n

Many social media users quickly pointed out that the Internet Archive is an independent non-profit organization not affiliated with the U.S. government.<\/strong><\/p>\r\n

Internet Archive Back online – sorta<\/h3>\r\n

10\/14\/2024, it is back in a limited read-only<\/strong> way<\/p>\r\n

\"Internet<\/a><\/p>\r\n

rb-<\/em><\/strong><\/h3>\r\n

Finally, what do you need to do if you have an account at the Internet Archive?<\/em><\/p>\r\n

A compromised password is always a concern in any breach.\u00a0 But in this case, the passwords were salted and hashed, making them difficult to crack through reverse engineering or brute force.\u00a0 Still, once the Internet Archive returns, you should change your password to be safe.<\/em><\/p>\r\n

Related article<\/strong><\/p>\r\n