October 10, 2024

Massive Breach at Internet Archive's Wayback Machine - Millions of user records compromised

The Internet Archive has been hacked. The data breach has resulted in the theft of credentials of 31 million users.

Good to know: The Internet Archive is a non-profit organization that aims to preserve content that would otherwise be lost forever. Google has started to add links to the archive in Google Search.

Internet Archive's Wayback Machine hacked, and user data stolen

Users who visited The Wayback Machine yesterday were greeted by a message on the website which read as follows: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"

(Image credit: BleepingComputer)

For those unaware, HIBP refers to the popular website Have I Been Pwned. BleepingComputer reports that Troy Hunt, who created HIBP, told the blog that the attackers had shared the stolen authentication database with the breach notification service 9 days ago.

The Internet Archive was notified 3 days ago by Hunt, but the San Francisco-based non-profit did not respond to him. You can visit https://haveibeenpwned.com/ to check if your email address has been leaked by the Internet Archive data breach.

The data that has been compromised includes email addresses, usernames, password change timestamps, etc. But I wouldn't panic just yet; I mean, reset your password if you want to. But it appears the passwords were not stolen, because the report only mentions that Bcrypt-hashed passwords (one-way salted passwords) were compromised, which was later confirmed by cybersecurity researcher Scott Helme.

It is unclear how the Internet Archive was breached by the attackers. The website suffered a DDoS attack by the BlackMeta hacktivist group, which bragged that it had been doing so for over 5 hours, and that it would keep conducting the attacks. For what it's worth, the website seems fine now.

On a side note, the Internet Archive lost its legal battle against Hachette, when the US Court of Appeals for the Second Circuit ruled that the digital archive violated copyright law. The Internet Archive had appealed that its lending library adhered to the fair use doctrine that allows copyright infringement in certain scenarios. The court rejected the argument. (via Wired)

Here's some context: the Internet Archive's National Emergency Library aided many people, including students, during the COVID-19 pandemic, when they could not access books. They could use the Open Library to access scanned versions of physical books. This, however, raised concerns among publishers, who criticized it as piracy of copyrighted material, and soon filed a lawsuit against the Internet Archive. Unsurprisingly, the Internet Archive lost the case, but the court did recognize it as a non-profit operation.

That's why this data breach doesn't make sense to me. Do you remember when a ransomware gang targeted a hospital? The Internet Archive is a non-profit organization; it is essentially a public service. What point are the hackers trying to prove? If they found the security of the site to be terrible, why not just alert them or help fix the problems? Of course, there is the fact that user data was taken, which could potentially be used for cross-checking and breaching other services. But still, it's an unusual attack because the usual targets are businesses.

The post Massive Breach at Internet Archive's Wayback Machine - Millions of user records compromised appeared first on gHacks Technology News.



☞ The full original article by Ashwin can be viewed here