Internet Archive Hit By Major Data Breach, Impacting 31 Million User Accounts

The Internet Archive's "Wayback Machine" experienced a data breach after a threat actor compromised its website and accessed a user authentication database containing 31 million unique records.

The Wayback Machine is a digital archive that captures and stores snapshots of websites, allowing users to access them even if the original site has been changed or removed.

Reports of the breach surfaced Wednesday afternoon when visitors to archive.org encountered a JavaScript alert from the hacker, confirming the breach.

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!," reads a JavaScript alert shown on the compromised site.

The reference to "HIBP" pertains to the "Have I Been Pwned" data breach notification service, created by Troy Hunt, where threat actors often submit stolen data for inclusion.

The breached database includes authentication details for registered users, such as email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.