Internet archive hacked – data of 31 million users stolen

The Internet Archive, or archive.org, a unique platform that preserves the entire history of the Internet, was subject to a hacker attack, which led to data leakage of 31 million users. The leak affected email addresses, usernames and passwords. Shortly after the incident, social media users began actively sharing screenshots of the Archive.org home page, where the alarming message appeared.

Image source: abbiefyregraphics/Pixabay

Around 00:00 Moscow time, users saw the following message on the main page of Archive.org: “Have you ever thought that the Internet Archive is kept on its word of honor and is constantly on the verge of a catastrophic data leak? It just happened. See you, 31 million of you, at HIBP!”

Image source: Archive.org

After publishing this message, the site was temporarily unavailable. Later, Brewster Kahle, founder of Archive.org, reported via social media that the platform had suffered a DDoS attack. The site has restored its operation, but discussions about the consequences of the leak continue.

While the DDoS attack caused brief disruptions, it was the data breach confirmed by Have I Been Pwned (HIBP), an online service that helps users check whether their data has been compromised, that caused the most controversy. HIBP confirmed that the Archive.org hack occurred a month ago. As a result, hackers stole 31 million records containing email addresses, usernames and hashed passwords.

The bcrypt algorithm, which was used to hash passwords, is considered one of the most reliable methods of data protection. However, even its use does not guarantee complete security if users chose weak passwords or used them on other platforms. As a result, Archive.org users are encouraged to immediately change their passwords and enable two-factor authentication to further secure their accounts.