Internet Archivea non-profit organization dedicated to digitizing and archiving web pages and other related materials, has suffered a data breach which has resulted in the database with the authentication data of its userswhich contains 31 million records have ended up in the hands of cybercriminals. According to Bleeping Computer, the first news that the organization had suffered this breach began to circulate last Wednesday afternoon, after visitors to the Internet Archive website, archive.org, saw a JavaScript notice created by attackers warning of the breach and data theft.
Apparently, according to the notice, the data of web users is available in the breach notification service Have I Been Pwned (HIBP), to which cybercriminals usually send information obtained from the sites they attack.
Apparently, according to the service’s creator, Internet Archive data arrived at the service nine days ago, in a 6.4 GB SQL file named ia_users.sql. This database contains account access information for registered Internet Archive members, and among other data includes their email addresses, usernames, password change history, passwords hashed with Bcrypt. It has 31 million unique email addresses, and many are subscribed to the HIBP notification service.
For now, this information has not been added to HIBP, although its manager has indicated that it will be included in the coming days. Then, users with an Internet Archive account will be able, by providing their email, to find out if their data has been exposed in this breach.
But in addition to this cyber attack, Internet Archive is experiencing a distributed denial of service (DDoS) attack for several hourswhich is not known if it is related to the security breach. As confirmed by one of the members of the organization, they have been under attack for several hours. Apparently, whoever is launching the attack is doing it for fun, and they don’t know when he will stop doing it.
Foto: drosen7900
