The Internet Archive experienced a catastrophic hack this week, exposing 31 million accounts and taking the archive completely offline. The Wayback Machine is down, as are the preserved recordings from old 78 rpm records that landed the foundation in a legal dispute with seven record companies.
The hack was first noticed by netizens on Wednesday evening, as visitors were greeted with a pop up stating, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
The HIBP refers to the website Have I Been Pwned? which tracks data breaches and allows users to see if their personal information has been compromised. Internet Archive founder Brewster Kahle confirmed the attack. The site stopped loading on Thursday and now anyone visiting the Internet Archive is greeted with a message, “The Internet Archive services are temporarily offline” with a redirection to social media for updates.
Brewster Kahle confirmed on Twitter/X that the attack was a DDOS and a “defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.” The owner of HIBP, Troy Hunt, confirmed he received a 6.4GB database with the contents of the Internet Archive’s user accounts. The timestamp on the data is from September 28, 2024 which is likely when the hack started.
The hacking group SN_BlackMeta soon took responsibility for the attack, saying it launched highly successful attacks on the Internet Archive and would continue to do so. The Internet Archive preserves billions of webpages, texts, audio recordings, and other digital resources. It was at the front of a lawsuit filed by seven record companies over the preservation of old 78 rpm records that were digitized and made available to listen on the site. Now those records have been taken offline, along with 20+ years of internet history.