Significant Data Exposure at Internet Archive’s Wayback Machine Affects User Privacy

Image Source: mayam_studio / Shutterstock

The Internet Archive recently suffered a hacking incident that resulted in unauthorized access to the credentials of 31 million users.

Important to note: The Internet Archive is a nonprofit organization focused on preserving digital content that is at risk of being lost. Google has started integrating links to the archive within its search results.

Internet Archive’s Wayback Machine suffers data breach, user information compromised

Users visiting The Wayback Machine yesterday encountered a message stating: “Have you ever had the feeling that the Internet Archive operates on sticks and is always close to a major security breach? It just occurred. See 31 million of you on HIBP!”

For those unfamiliar, HIBP stands for Have I Been Pwned, a widely recognized breach notification service. BleepingComputer reports that its founder, Troy Hunt, informed the blog that the hackers submitted the compromised authentication database to the service nine days ago.

The Internet Archive was alerted by Hunt three days prior, but it reportedly did not respond. Users can check if their email addresses have been impacted by this breach by visiting https://haveibeenpwned.com/.

The compromised data includes email addresses, usernames, and timestamps for password modifications, among other details. However, there is no immediate cause for alarm; users may opt to reset their passwords. The report indicates that the actual passwords were not exposed, with only Bcrypt-hashed passwords (one-way salted hashes) being compromised, a detail supported by cybersecurity expert Scott Helme.

Nevertheless, the breach entails the theft of 31 million unique email addresses, raising significant alarm. This incident serves as a reminder of the importance of using email alias services, such as Simple Login, Firefox Relay, and DuckDuckGo’s Email Protection. Many of these services, which offer both free and premium options, conceal users’ actual email addresses and provide an alias to shield against spam and security breaches. Any communications sent to the alias are forwarded to the user’s real inbox without disclosing their actual address.


The specifics of how the Internet Archive was compromised remain unknown. The site had recently suffered a DDoS attack from the BlackMeta hacktivist group, which claimed that they had been assaulting the site for over five hours and planned to continue. Currently, the website appears to be operating normally.

In related news, the Internet Archive faced a setback in its legal dispute with Hachette when the US Court of Appeals for the Second Circuit determined that its digital archive violated copyright law. The Archive argued that its lending library was in alignment with the fair use doctrine, which allows for some copyright infringements under certain circumstances; however, the court rejected this claim. (via Wired)

For context, the Internet Archive’s National Emergency Library played a critical role during the COVID-19 pandemic by providing access to many individuals, including students, when physical books were difficult to access. This initiative offered scanned copies of physical books via the Open Library. However, it faced criticism from publishers who claimed it facilitated the piracy of copyrighted material, ultimately leading to legal action against the Internet Archive. Although the Archive lost the case, the court did recognize its nonprofit status.

This data breach raises questions about the attackers' motivations. Consider the case of a ransomware group targeting a hospital. Since the Archive is a nonprofit public resource, what could be the reasoning behind such a hack? If the security of the site was indeed deficient, why not inform the organization or assist in addressing the vulnerabilities? It is also important to note that the compromised user data may be exploited for cross-referencing and breaching other services. Nonetheless, this attack stands out, as hackers typically focus on commercial targets.
