Source URL: https://www.theregister.com/2024/10/10/internet_archive_ddos_data_leak/
Source: The Register
Title: Internet Archive leaks user info and succumbs to DDoS
Feedly Summary: 31 million users’ usernames, email addresses and salted-encrypted passwords are out there
The Internet Archive had a bad day on the infosec front, after being DDoSed and exposing user data.…
AI Summary and Description: Yes
Summary: The Internet Archive experienced a significant security breach marked by a DDoS attack that rendered its site unavailable for five hours, along with the exposure of over 31 million user accounts, including sensitive data such as email addresses and encrypted password hashes. This incident highlights ongoing vulnerabilities in information security, particularly for organizations managing large amounts of user data.
Detailed Description:
The recent incidents involving the Internet Archive underscore critical security concerns within the realm of information security. The organization faced a DDoS (Distributed Denial of Service) attack that made its digital library inaccessible for a substantial duration. Following the attack, a severe data breach was also disclosed, revealing that 31,081,179 user accounts were compromised. Below are the major points of this incident:
– **DDoS Attack**:
– Took place on a Wednesday afternoon, affecting the accessibility of the Internet Archive’s site.
– Users experienced an outage that lasted up to five hours, with only a notification provided during this time.
– **Data Breach**:
– Have I Been Pwned (HIBP) reported the leak, which included sensitive user information such as email addresses, screen names, and bcrypt password hashes.
– The Internet Archive’s representative, Brewster Kahle, confirmed the data breach, citing that the service experienced a “defacement of our website via JS library” leading to the exposure of usernames, emails, and salted-encrypted passwords.
– **Immediate Response**:
– The organization has since disabled the compromised JavaScript library and is in the process of “scrubbing systems” and upgrading security measures.
– Kahle has promised to provide more information as it becomes available, though further details weren’t disclosed at the time of the report.
– **Uncertainty and Ongoing Challenges**:
– It remains unclear whether the DDoS attack and the data breach are linked.
– This comes on the heels of numerous challenges faced by the Internet Archive in 2024, including legal issues related to digital lending rights and previous DDoS attacks.
The implications of these incidents are profound, as they highlight the importance of robust infrastructure security measures, timely response protocols, and maintaining user data confidentiality. Security and compliance professionals must take heed of such breaches to bolster their strategies against similar threats.