The world’s most famous digital library has suffered a series of cyber-attacks that rendered its site, including its Wayback Machine, temporarily unavailable and exposed the data of 31 million users.
On October 8, 2024, Internet Archive founder, Brewster Kahle, confirmed on X that archive.org was hit by a distributed denial-of-service (DDoS) attack before announcing a few hours later that it was back online.
However, a JavaScript alert later appeared on the site, saying, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
HIBP refers to data breach notification service Have I Been Pwned, created and maintained by security researcher Troy Hunt.
BlackMeta Hacktivists Claim DDoS Attack
On October 9, the BlackMeta hacktivist group claimed it was behind the first DDoS attack and announced it would launch a second one. Kahle later confirmed the second attack.
The BlackMeta’s social media account claims several attacks on companies linked to the US or “supporting Israel.”
The Internet Archive is a non-profit based in the US, with no links to the US federal government.
Defacement and Data Breach Confirmed by Internet Archive Founder
Also on October 9, Hunt’s website posted a new entry confirming that the Internet Archive suffered a data breach on September 28 that exposed 31,081,179 unique records, including email addresses, screen names and bcrypt password hashes.
The next day, Kahle confirmed that the website was also hit by a defacement “via JavaScript library” and suffered a breach exposing usernames, email addresses and salted-encrypted passwords.
“What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it,” he added on X.
Any link between the DDoS attacks and the breach remains unknown.
Heightened DDoS Threat
It is not the first time a major DDoS attack has targeted the Internet Archive in 2024, with the digital library also forced offline in May.
Donny Chong, director at Nexusguard, commented: “We’re witnessing a concerning shift where it's not just businesses or traditional critical national infrastructure at risk of DDoS attacks. Hacktivists are launching more powerful and destructive attacks that affect a broader range of people.”
In early October, content delivery service provider Cloudflare said it mitigated a hyper-volumetric DDoS attack (3.8 terabits per second), which it claimed was the largest ever disclosed publicly by any organization.