The Internet Archive, the nonprofit digital library dedicated to preserving web history, suffered a major security compromise on Wednesday. The platform was targeted by a dual-pronged assault involving a distributed denial-of-service (DDoS) attack and a significant data breach that exposed the personal information of millions of users.
Security Breach Confirmed by Have I Been Pwned
Visitors to the site were met with an alarming pop-up message taunting the organization’s infrastructure. The notification stated: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
The claim was quickly validated by Have I Been Pwned (HIBP), a service that monitors data leaks. HIBP confirmed that 31 million unique email addresses and usernames were compromised in the incident. Brewster Kahle, who founded the Internet Archive in 1996, acknowledged the validity of the breach shortly thereafter.
DDoS Attacks and Ongoing Security Upgrades
In addition to the data theft, the organization faced a persistent DDoS attack. While a hacktivist group claimed responsibility for the disruption, it remains unclear if they were also behind the underlying data breach. The digital library has been working to mitigate the impact of the traffic spikes.
Addressing the situation on X, Kahle confirmed that the organization has successfully “fended off” the DDoS attack for the time being. The team is currently conducting a thorough scrub of its systems and implementing significant security upgrades to prevent further unauthorized access.
Despite these measures, the full extent of the vulnerability remains under investigation. Kahle noted that the organization intends to provide further updates as the forensic analysis continues and more information becomes available.