News: 1728523985

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Internet Archive leaks user info and succumbs to DDoS

(2024/10/10)


The Internet Archive had a bad day on the infosec front, after being DDoSed and exposing user data.

On Wednesday afternoon US time the outfit’s digital library Brewster Kahle [1]revealed a DDoS attack had made the site unavailable. The Register understand the outage may have lasted up to five hours, during which time visitors saw only a notification of the incident.

While that was happening, data leak notification service haveibeenpwned (HiBP) [2]posted news of a leak that saw 31,081,179 users’ accounts exposed. Register staff received mails from HIBP that state “The breach exposed user records including email addresses, screen names and bcrypt password hashes.”

[3]

Kahle later [4]confirmed the leak , writing that the service has detected “defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.”

[5]

[6]

The org has disabled the JS library, and is “scrubbing systems , upgrading security.”

Kahle offered no detail beyond that but promised to “share more as we know it.”

[7]

It is unclear if the DDoS and breach are linked.

The Register sought comment from the Archive but had not received a response at the time of publication.

[8]Internet Archive blames 'environmental factors' for overnight outages

[9]Of course the Internet Archive’s digital lending broke the law, appeals court says

[10]Google flushes cached search results forever

[11]Bank of America app glitch zeroes out people's balances

The two incidents continue an unhappy 2024 for the Internet Archive, which has [12]lost a case regarding its right to lend digital assets, gone offline due to [13]power failures , and endured other [14]disruptive DDoS events. ®

Get our [15]Tech Resources



[1] https://x.com/brewster_kahle/status/1844133492453671192

[2] https://haveibeenpwned.com/PwnedWebsites#InternetArchive

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZwdRbjfmiQq7f-id6ODhigAAAQw&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[4] https://x.com/brewster_kahle/status/1844183111514603812

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZwdRbjfmiQq7f-id6ODhigAAAQw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZwdRbjfmiQq7f-id6ODhigAAAQw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZwdRbjfmiQq7f-id6ODhigAAAQw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[8] https://www.theregister.com/2024/07/08/internet_archive_suffers_a_wobble/

[9] https://www.theregister.com/2024/09/05/appeals_court_internet_archive_copyright/

[10] https://www.theregister.com/2024/02/05/google_cache_flushed/

[11] https://www.theregister.com/2024/10/02/bank_of_america_outage/

[12] https://www.theregister.com/2024/09/05/appeals_court_internet_archive_copyright/

[13] https://www.theregister.com/2024/07/08/internet_archive_suffers_a_wobble/

[14] https://www.theregister.com/2024/05/29/ddos_internet_archive/

[15] https://whitepapers.theregister.com/



Don't worry over what other people are thinking about you. They're too
busy worrying over what you are thinking about them.