Internet Archive user info stolen in attack, hit by DDoS

The Internet Archive had a bad day on the infosec front, after being DDoSed and having had its user account data stolen in a security breach.

On Wednesday afternoon US time the outfit’s digital librarian Brewster Kahle revealed a DDoS attack had made the site unavailable. The Register understands the maliciously caused outage may have lasted up to five hours.

While that was happening, data leak notification service Have I Been Pwned (HiBP) shared news of a cyberattack in which information on 31,081,179 archive user accounts appears to have been pilfered or accessed by one or more miscreants.

That info includes contact details and hashed passwords.

Register staff received emails from HiBP that state: “The breach exposed user records including email addresses, screen names and bcrypt password hashes.”

Kahle later confirmed the theft of the data, adding the service suffered a “defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.”

That means someone was able to swipe the user records and use a poisoned library to display this message to visitors: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened."

The org has disabled the vandalized JavaScript library, and is “scrubbing systems, upgrading security.”

Kahle offered no detail beyond that but promised to “share more as we know it.”

It is unclear if the DDoS and security breach are linked.

The Register sought comment from the online archive but had not received a response at the time of publication.

The two incidents continue an unhappy 2024 for the Internet Archive, which has lost a case regarding its right to lend digital assets, gone offline due to power failures, and endured other disruptive DDoS events. ®

Source: theregister.com
