A popup message said the online archive has suffered “a catastrophic security breach,” as its operators say the site has been DDoS’d for days.
On Wednesday afternoon, visitors to The Internet Archive (archive.org) were greeted by an unsettling pop-up, confirming what many had feared: the beloved digital repository had been breached. The website had been defaced via a JavaScript (JS) library vulnerability, and later that evening, Internet Archive founder Brewster Kahle confirmed the worst. A breach had occurred, impacting 31 million accounts, and the attacker had left a grim message:
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
What Is HIBP?
HIBP refers to Have I Been Pwned?, a well-known service where users can check if their personal data has been exposed in previous breaches. Troy Hunt, HIBP’s operator, later confirmed that the data dump contained sensitive information, including email addresses, usernames, password change timestamps, Bcrypt-hashed passwords, and other internal data for 31 million unique accounts. Hunt validated the breach by cross-referencing the data with known user accounts.
In a statement to Bleeping Computer, Hunt revealed that 54 percent of the compromised accounts were already in the HIBP database from prior breaches, which shows the magnitude of this event. He also explained that the Internet Archive breach had been ongoing for days before it was made public. Hunt was first notified of the leak nine days prior, on October 6th, and began the disclosure process in cooperation with the Internet Archive.
Defacement and DDoS Attack
Shortly after the breach was made public, the Internet Archive became the target of a coordinated Distributed Denial of Service (DDoS) attack. Jason Scott, an archivist and software curator for the Internet Archive, reported via Mastodon that the DDoS attack seemed to be carried out with no clear agenda or demands, but simply “because they can.”
The attack caused severe disruption to the site’s services. Visitors encountered placeholders and a message indicating that “Internet Archive services are temporarily offline,” directing them to follow the Archive’s official account on X (formerly Twitter) for updates. For several hours, the site was either unreachable or loaded slowly, adding to the frustration of the community.
What We Know So Far
Later in the evening, Brewster Kahle took to X to share a brief update about the situation:
- The breach involved usernames, emails, and salted-encrypted passwords.
- The defacement occurred through a vulnerability in a JavaScript library.
- The team has taken immediate action to disable the JS library, scrub affected systems, and implement security upgrades.
The identity of the attackers was soon claimed by an X account called “SN_Blackmeta,” which not only boasted about the current attack but also hinted at future plans. The same account also claimed responsibility for a previous DDoS attack on the Internet Archive in May of this year. As of Kahle’s post, the immediate DDoS threat had been mitigated, but the attackers’ threats loomed large.
Community Response and What’s Next
The Internet Archive is a vital resource that holds the collective memory of the web. For decades, it has preserved millions of websites, books, and other media, serving researchers, historians, and everyday users around the world. This breach, therefore, strikes at the heart of a trusted institution in the digital preservation space.
As news of the breach spread, the online community expressed shock and concern. Many wondered about the future security of the Archive, while others rushed to check their personal information on HIBP. The Archive’s resilience has been tested before, but this event represents one of its most significant challenges yet. With the attackers showing no clear motive and issuing cryptic threats of further disruption, the Internet Archive’s future security posture will likely undergo significant scrutiny.
In the meantime, the Internet Archive team continues to work on restoring full functionality and ensuring that the affected users are informed. “We’re upgrading our security and doing everything we can to ensure this doesn’t happen again,” Kahle reassured.
For now, visitors will need to keep an eye on the Archive’s updates, while impacted users are urged to check their credentials on Have I Been Pwned?, and follow standard security practices like changing passwords and enabling two-factor authentication where possible.
Stay Vigilant
This breach underscores a painful reality: no organization, no matter how important, is immune to cyberattacks. It’s a reminder to all of us to stay vigilant, to ensure our accounts are secure, and to support institutions like the Internet Archive as they weather these challenges.
As we await more details from Kahle and his team, the incident serves as a stark wake-up call about the fragility of our digital infrastructure. The Internet Archive may be “under attack,” but the mission it serves—to preserve the digital past—has never been more critical.
