Internet Archive data breach: Hacker claims to ‘See 31 million of you' on Have I Been Pwned

DDoS attacks are taking down the Internet Archive's website as well.
By Matt Binder  on 
Hacker image
The Internet Archive has suffered a major data breach as well as ongoing DDoS attacks. Credit: DBenitostock via GETTY

The Internet Archive is currently under attack from hacker groups. And, it seems these bad actors have been able to access sensitive data for millions of the Internet Archive's users.

The non-profit Internet Archive, which keeps archived versions of digital media including websites via The Wayback Machine, has been suffering from distributed denial of service (DDoS) attacks since the beginning of the week. These attacks have resulted in prolonged inaccessibility.

"@internetarchive is being cautious and prioritizing keeping data safe at the expense of service availability," posted Internet Archive digital librarian Brewster Kahle on his X account.

However, the DDoS attacks aren't the only thing the Internet Archive has to worry about. It appears that the Internet Archive has been unable to keep at least some of its data safe as it undergoes attacks from threat actors. 

Emails, screen names, and encrypted passwords for 31 million Internet Archive users have been stolen in a data breach. At this time, it's unclear if the data breach and the DDoS attacks are related.

Mashable Light Speed
Want more out-of-this world tech, space and science stories?
Sign up for Mashable's weekly Light Speed newsletter.
By signing up you agree to our Terms of Use and Privacy Policy.
Thanks for signing up!

Internet Archive hacked

Along with the downtime related to the DDoS attacks, social media users began noticing a pop-up prompt on the Internet Archive's website on Wednesday.

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach?" read the prompt. "It just happened. See 31 million of you on HIBP!"

HIBP refers to the website Have I Been Pwned, a website that notifies users if their data was involved in a data breach.

According to Bleeping Computer, Have I Been Pwned founder Troy Hunt confirmed to the outlet that they had received a 6.4GB SQL database file which includes users' "email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data."

Hunt has been able to confirm the legitimacy of the data. Based on the timestamp on the hacked information, it appears that it was likely stolen on September 28, 2024. Hunt said that he contacted the Internet Archive before loading the data into the Have I Been Pwned service. He has not yet heard back.

A group known as SN-Blackmeta has claimed responsibility for the DDoS attack. Again, its unclear if they are involved in the data breach. The group said that it carried out the DDoS attack because of the United States' support for Israel and that the Internet Archive "belongs to the USA." Many social media users were quick to point out that the Internet Archive is an independent non-profit organization and is not affiliated with the U.S. government.

Mashable has reached out to the Internet Archive for more information on the attacks and will update this post when we hear back.

Topics Cybersecurity


Recommended For You
New AT&T data breach impacts 'nearly all' customers
An AT&T store in New York, US.

Hackers steal nearly 1.7 million credit card numbers in breach
Hacker with stolen credit card

Over 200,000 Comcast customers affected in data breach: Names, IDs, Social Security numbers exposed
Comcast logo

Fidelity data breach compromises more than 77,000 customers
Fidelity logo

AT&T reportedly paid hacker $370,000 to delete stolen customer data
The silouhette of a man looking down as his smartphone as he walks past the AT&T logo.

Trending on Mashable
Wordle today: Answer, hints for October 11
a phone displaying Wordle

NYT Connections today: Hints and answers for October 11
A phone displaying the New York Times game 'Connections.'

NYT Connections today: Hints and answers for October 10
A phone displaying the New York Times game 'Connections.'

Astronomers just found a galaxy way too advanced for its time
Galaxy forming in the early universe

'The Platform 2's twisty ending, explained
A close-up of a topless, bald man holding a lit lighter.
The biggest stories of the day delivered to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up. See you at your inbox!