The Internet Archive, also known as archive.org, has experienced a significant security breach. This platform, known for storing vast amounts of historical internet data, saw the personal information of 31 million users compromised. The data leak affected email addresses, usernames, and passwords, raising concerns about users’ privacy and security. Shortly after the breach, social media platforms were flooded with screenshots of Archive.org’s homepage displaying a concerning message.
The Incident and Immediate Response
At approximately 00:00, users visiting Archive.org were greeted with an alarming message on the homepage:
“Ever feel like the Internet Archive is hanging on by its bootstraps and is constantly on the brink of a catastrophic data leak? It just happened. See you, 31 million of you, on HIBP!”
Following the message, the website became temporarily unavailable. Brewster Kahle, the founder of Archive.org, later addressed the situation through social media, confirming that the platform had suffered a DDoS attack. The site has since been restored, but discussions around the consequences of the data leak are ongoing. We’ll keep you updated as the situation unfolds.
Confirmation of the Data Leak
While the DDoS attack caused only brief disruptions, the more serious issue was the data breach itself, notes NIX Solutions. According to Have I Been Pwned (HIBP), a service that helps users check if their data has been compromised, the Archive.org breach occurred a month before the homepage message appeared. The breach resulted in hackers stealing 31 million records, which included users’ email addresses, usernames, and hashed passwords.
User Security and Future Precautions
The passwords in the leaked data were hashed using the bcrypt algorithm, one of the most secure methods for protecting sensitive information. However, even this robust encryption cannot fully protect users who may have used weak passwords or reused them across multiple platforms. As a result, Archive.org users are strongly encouraged to change their passwords immediately and enable two-factor authentication for enhanced security. We’ll keep you updated on any further developments regarding this breach.