look news india
Cyber attack on Internet Archive: A pro-Palestine activist site has claimed responsibility for a major cyberattack on the Internet Archive, exposing the personal data of 31 million users. Email addresses, screen names and encrypted passwords were compromised in the attack, prompting cybersecurity experts to urge users to change their passwords immediately. The revelations have raised concerns about data privacy and the security of the popular digital library, which is famous for its Wayback Machine.
In this cyber attack, which came to light on October 9, details of millions of users were exposed by taking advantage of the JavaScript (JS) library on the Internet Archive website. A pop-up message on the site warned people, 'Do you think the Internet Archive walks on a stick and is constantly on the verge of experiencing a terrible security breach? This has happened. See 31 million of you on HIBP.' The message refers to the 'Have I Been Pondered' (HIBP) service, which helps users determine if their data has also been compromised.
Data of 31 crore people stolen!
The database shared with cybersecurity experts also included 31 million email addresses, screen names, passwords and other internal data. Have I Been Pond founder Troy Hunt confirmed that they recovered a 6.4 GB database file from the attackers.
Internet Archive provided answer
Internet Archive founder Brewster Kahle has acknowledged the breach and ongoing distributed denial-of-service (DDoS) affecting the platform. In a post on X, Kahle said, 'What do we know? At present the DDoS attack has been postponed. Users' names/emails/salted-encrypted passwords were compromised by a JS library to deface our website. What we did: disabled the library, wiped the system, upgraded security, as we knew we would share various information.'
Despite initial efforts to stop the attack, the Internet Archive's website, Archive.org, and its backup machine remain inaccessible from time to time. The organization is investigating systems and upgrading security in response to the breach.
sn_blackmeta took responsibility
The “SN_BlackMeta” account claimed responsibility for both the data breach and the DDoS attack. Due to which the Internet Archive often goes offline. He said that our operation lasted for five hours and we were carrying out a very successful attack. The X post noted that, 'The Internet Archive has been and is being viciously attacked. We have been carrying out several successful attacks for the last five hours and till now all their systems have been completely shut down.
SN_Blackmeta has previously attacked Middle Eastern financial institutions and is linked to the pro-Palestinian hacktivist movement.
A public note attached to the post cited the group's claim that they removed the Internet Archive because it 'supports America…Israel.' Which is not a fact. The archive does not belong to the US government. It's a non-profit organization that includes many resources about Palestine that we can no longer access because of this attack.'
