The Internet’s time machine was attacked and more than 31 million email addresses were exfiltrated and subsequently exposed. This attack leaves our modern Web archive in trouble.
Wayback Machine failed and the matter is serious!
The Wayback Machine, a project of the Internet Archive, has been an indispensable tool for looking back at the World Wide Web of yesteryear. The Internet changes so quickly and so dramatically that it can be a little shocking to see how different things were not so long ago. The site preserves a lot of things, including old Nintendo Power games and magazines; as well as serving as "proof" for what was shown over time by all players of the internet world.
Unfortunately, one of the Web's greatest assets isn't making headlines today on its merits: it was robbed, and quite dramatically.
As reported by BleepingComputerthe site was breached by an unknown party, who managed to steal a database with over 31 million user records, which includes things like email addresses, usernames, the timestamps of word changes -pass and hashed passwords.
The hacker left a JavaScript alert on archive.org, which said:
Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? This just happened. We will see 31 million people at HIBP!
HIBP is the abbreviation for Have I Been Pwnedwhich allows you to enter your email address to check whether or not your credentials were involved in a data breach.
';--have i been pwned?
BleepingComputer spoke to the site's creator, Troy Hunt, about this particular breach, who confirmed that the hacker shared a 6.4 GB file containing the breach data with HIBP 10 days ago.
Hunt says the invasion probably occurred on September 28th and that the stolen data includes 31 million unique email addresses. At the time of BleepingComputer's report, these emails had not yet been added to the HIBP database, but when they are, users will be able to check whether or not they were affected by this breach.
To make matters worse, the Internet Archive was attacked again, this time through a DDoS (distributed service denial) attack. At the time of this article, archive.org is currently down, including the Wayback Machine.
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.
— Brewster Kahle (@brewster_kahle) October 10, 2024
What you can do to protect your data
At this point, continue checking HIBP: by entering your email here, you will be able to see if your data was involved in this breach (and of course other breaches on the Internet).
Unfortunately, you can't do anything to reverse the effects. However, you can take steps to prevent your data from being further affected. One is to keep a skeptical eye on all emails you receive in the future: Bad actors will likely try to send you messages with malicious hyperlinks, perhaps trying to convince you that they have a solution for your compromised email address. .
Do not click on these links and be careful with emails from strange accounts.
Also read:
Source: pplware.sapo.pt
