The victims of this data breach go way back! See what I did there? 😉 Seriously, though, the Internet Archive breach has impacted a lot of users.

As reported by Rob Robinson in his excellent ComplexDiscovery blog (Internet Archive Breach Exposes 31 Million Accounts: Cybersecurity Challenges Ahead, available here), the Internet Archive, known for its comprehensive digital library and the widely utilized Wayback Machine, recently fell victim to a significant data breach that compromised the accounts of approximately 31 million users. This incident exposed sensitive user data, including email addresses, usernames, and bcrypt-hashed passwords, revealing critical vulnerabilities even within institutions dedicated to digital preservation.

The founder of the Internet Archive, Brewster Kahle, publicly addressed the breach via the social media platform X. He confirmed that the incident was part of a larger cyberattack, which included a Distributed Denial-of-Service (DDoS) assault that temporarily rendered the organization’s site inaccessible. The situation was further complicated by the involvement of a hacker group known as SN_Blackmeta, who claimed responsibility for the DDoS attacks. While their role in the data breach remains unconfirmed, the timing of the DDoS attacks coinciding with the breach’s disclosure has led to speculation about a broader coordinated effort.

The breach’s disclosure was initially dramatized by a pop-up from a purported hacker claiming a “catastrophic security breach.” This claim was later substantiated when the theft of user data was confirmed, underscoring the severity of the incident.

Thankfully, the Internet Archive has now partially resumed operations. The site is currently functioning in a provisional, read-only state, marking a significant step in recovery efforts since it went offline on October 9th. Users can now access the Wayback Machine to search through its vast archive of 916 billion web pages. However, the ability to capture new web pages into the archive remains temporarily suspended.

Ironically, Google just recently started adding links to archived websites in the Wayback Machine after removing its own cached pages links earlier this year. Perhaps that made the Wayback Machine a more visible target? Regardless, in this Cybersecurity Awareness Month, the Internet Archive team is more aware today of their cybersecurity challenges. Hackers are pretty good at finding those – their ability to do so goes way back. OK, I’ll stop now… 😉

So, what do you think? Are you one of the users potentially compromised by the Internet Archive breach? Please share any comments you might have or if you’d like to know more about a particular topic.

Image Copyright © Internet Archive

Disclaimer: The views represented herein are exclusively the views of the authors and speakers themselves, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.