Internet Archive Faces 'Catastrophic' Data Breach: Exposing Data of 31 Million Users

The assault on the San Francisco-based nonprofit, claimed by a shadowy group that experts described as a pro-Palestinian "hacktivist," lays bare the perils of cybersecurity breaches ahead of the November 5 US presidential election.

Brewster Kahle, the Internet Archive's founder and digital librarian, acknowledged a series of distributed denial-of-service (DDoS) attacks -- aimed at disrupting a website or server -- since Tuesday and said the organization was working to upgrade security.

The assault led to the "defacement of our website" and a breach of usernames, emails, and passwords, Kahle wrote on X, formerly Twitter, late Wednesday.

In a new post early Thursday, Kahle said the attackers had returned, knocking down both the Internet Archive's main site and its "Open Library," an open-source catalogue of digitized books.

The Internet Archive's data "has not been corrupted," he wrote in a subsequent post.

"We are working to restore services as quickly and safely as possible," he added.

On Wednesday, users reported a pop-up message claiming the site had been hacked and the data of 31 million accounts breached.

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach?" said the pop-up, apparently posted by the hackers.

"It just happened. See 31 million of you on HIBP!"

HIBP refers to a site called "Have I been Pwned," a site that allows users to check whether their emails and passwords have been leaked in data breaches.

In another post on X, HIBP confirmed that 31 million records from the Internet Archive had been stolen, including email addresses, screen names, and passwords.

Kahle did not respond to a request for comment about the scale of the data breach.

A hacker group called "SN_BLACKMETA" claimed responsibility for the attack on X.

"The Internet Archive has and is suffering from a devastating attack," the group wrote on the platform Wednesday.

"They are under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of 'Israel.'"

In a threat advisory in July, Radware, a cybersecurity solutions provider, described the group as a "pro-Palestinian hacktivist with potential ties to Sudan" and possibly operating from Russia.

Radware called the group a "rising cyber threat" with a "strong ideological stance and a strategic approach to cyber warfare."

The Internet Archive, a nonprofit that is not known to have any ties to the US government or Israel, was founded in 1996 and advocates for a free and open internet.

It operates a web archive called the Wayback Machine, which has captured snapshots of millions of internet pages.

Like other archival sites, the Wayback Machine is a crucial resource for fact-checkers, who use it to trace deleted web pages and ensure that the evidence cited in articles is permanently available to readers.

It can also be used to document changes made to online content over time and helps researchers and scholars find historical collections that exist in digital formats.