Internet Archive, one of the web’s most beloved digital library websites, has been the target of multiple cyberattacks that compromised the information of 31 million users.
The series of unfortunate events for the nonprofit began on Oct. 8 when Internet Archive founder and Digital Librarian Brewster Kahle took to X, formerly known as Twitter, to reveal that the website was the target of a distributed denial-of-service (DDoS) attack and that it was working to restore services.
Kahle later that day announced in a post that the attackers, which he dubbed “library lovers,” had “gone away.” However, the following day he disclosed via X that the attacker repeated the DDoS attack on the website. According to The Verge, users who attempted to access the website that day were greeted with the following alert:
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP [Have I Been Pwned]!”
Troy Hunt, the creator of the online search tool, confirmed to Bleeping Computer that the malicious actor shared the Internet Archive’s authentication database—which contained the email addresses, screen names, password change timestamps, and other internal data of registered users—nine days prior. In an X post, he shared that he alerted the platform about the stolen data three days before the website was defaced.
While Hunt, in his X post, speculated that there were multiple attacks executed against the popular web archive website by multiple parties, pro-Palestinian hacktivist group BlackMeta alleged on X that it was the mastermind behind the “devastating” attacks and that it would continue to hurl more cybercrimes the nonprofit’s way.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“We believe that highlighting the plight of innocent Palestinian people is essential, and targeting a significant digital resource like the Internet Archive serves to underscore the importance of their story and experiences,” the group wrote.
In an Oct. 9 X post, Kahle confirmed that the malicious actor was able to deface the website through a JavaScript library and claimed that the Internet Archive thwarted the new DDoS attack. He added that the nonprofit disabled its JavaScript library, scrubbed systems, and upgraded security. However, Kahle posted the following day that the “DDoS folks” were back and that the nonprofit’s Archive and Open Library websites were down.
By the end of the week, things started to lighten up for the digital library website. On Oct. 11, Kahle posted that the organization’s data was safe. Earlier this week, Kahle shared in an update that the Internet Archive’s Wayback Machine was available in a “read-only manner” and that the organization was working on bringing other services back online.
Another one. Unfortunately, this is not the Internet Archive’s first rodeo when it comes to DDoS attacks. The nonprofit disclosed in a blog post that it was the target of a DDoS attack earlier this year.
The DDoS method is becoming more popular among threat actors. According to a recent Gcore Radar report, there were 445,000 DDoS attacks in the second quarter of 2024, a 50% increase from the same period a year ago.
Hacktivism is also on the rise. IT Brew previously reported that hacktivist attacks accounted for 35% of all global attacks in April 2023.