31 Million User Records Leaked in Internet Archive Hack

Cybercriminals successfully breached the renowned Internet Archive website, stealing the data of 31 million users. On Wednesday, October 9, a pop-up banner appeared on the main domain of the web archive, announcing a “catastrophic security breach.” This incident was later confirmed, and both the site and the Wayback Machine service ceased to function.

The pop-up message read: “Ever felt like the Internet Archive was teetering on the edge of a catastrophic hack? Well, it just happened. Look yourself up on HIBP!” This seemed to refer to the site Have I Been Pwned, a well-known resource in the security field that alerts users to data breaches, implying a massive leak of user information.

Cybersecurity expert Troy Hunt, the founder of HIBP, confirmed the breach. The hackers themselves sent him a 6.4 GB database containing information on 31 million accounts, including email addresses, usernames, and hashed passwords. Users can check on HIBP to see if they have been affected by the leak.

Brewster Kahle, the founder of the Internet Archive, has yet to comment on the situation, though in a recent post, he mentioned an ongoing DDoS attack, noting that the site had been targeted previously. Kahle added that the team is working to restore the website.

The identity of the hacker remains unknown, but The Verge reports that the X account @Sn_darkmeta claimed responsibility for the DDoS attack. In May of this year, the site was also repeatedly attacked, and the same account claimed to have orchestrated it. The hacker justified their actions by stating that the Internet Archive is based in the U.S., and according to them, the U.S. government supports Israeli policies.