Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Privacy Security The Internet

Internet Archive Suffers 'Catastrophic' Breach Impacting 31 Million Users (bleepingcomputer.com) 14

Posted by BeauHD from the temporarily-offline dept.
BleepingComputer's Lawrence Abrams: Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!," reads a JavaScript alert shown on the compromised archive.org site. The text "HIBP" refers to is the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.

Hunt told BleepingComputer that the threat actor shared the Internet Archive's authentication database nine days ago and it is a 6.4GB SQL file named "ia_users.sql." The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data. Hunt says there are 31 million unique email addresses in the database, with many subscribed to the HIBP data breach notification service. The data will soon be added to HIBP, allowing users to enter their email and confirm if their data was exposed in this breach.

Internet Archive Suffers 'Catastrophic' Breach Impacting 31 Million Users More | Reply

Internet Archive Suffers 'Catastrophic' Breach Impacting 31 Million Users

Comments Filter:

  • "Yep, I’m aware, more soon"

  • Is this the new euphemism for Russian counterintelligence? Why not just say so? Journalists should write clearly.
    • Could be the Chinese, Iranians, or any of the other dozens of countries that we've pissed off enough to do it, or some non-state actor from any of dozens of other countries poor enough where cybercrime pays better than any honest job and the government doesn't care about stopping it so there's very little detriment to engaging in it. I wouldn't assume that we necessarily know who's responsible and even if we do there may not be any upside to us advertising the fact if we can't actually do anything about it.
      • ..and why would you two assume its an enemy of america, exactly?

        got some teem forming political dick in your mouths?

      • Re: (Score:2)

        by Moryath ( 553296 )
        More likely, a paid actor operating on behalf of one of the copyright mafia-cartels.

    • Russians? I was told they need washing machine microcontrollers to support their antiquated army populated by drunks?
      Or do you regularly see Russians behind every banal event that has a dozen other much more likely answers?

  • Well, anyway...

    Hashed passwords and email addresses. If you don't reuse passwords, no problem.

Slashdot Top Deals

The Tao is like a stack: the data changes but not the structure. the more you use it, the deeper it becomes; the more you talk of it, the less you understand.

Close