On the night of October 10th, 2024, the popular Internet Archive website, Archive.org, suffered a major security breach. According to a statement from their official X (formerly Twitter) account, the website was targeted by a Distributed Denial of Service (DDoS) attack, leading to the temporary suspension of their services. As of the time of writing, the Archive.org website remains offline, displaying only a message: “Internet Archive services are temporarily offline.” That page links to their X handle, where they are sharing updates with users about the current situation.
While the DDoS attack itself disrupted access to the site, a more concerning issue has emerged: a significant data breach. Security website HaveIBeenPwned (HIBP) has confirmed that they received a data breach file a few days ago, which includes sensitive information for over 31 million users. The compromised data includes email addresses, screen names, password change timestamps, bcrypt-hashed passwords, and other internal data. HIBP has already added this data to their database, allowing individuals to check if their email addresses have been affected by visiting https://haveibeenpwned.com/.
For users of the Internet Archive, no immediate action is required at this moment. However, when Archive.org resolves the attack and stabilizes its services, affected users will likely receive an official notification via email with instructions on how to update their passwords. Given the sensitive nature of the breach, users are advised to monitor their inboxes and act promptly once they receive such communications.
In the meantime, security experts strongly recommend that any users who have reused their Internet Archive password for other accounts – especially email – change those passwords immediately. This precautionary step is critical to preventing further unauthorized access. Using unique and strong passwords for each account is one of the best ways to safeguard against future breaches.
Additional Security Measures
To protect themselves from future breaches, users should take additional security steps:
- Enable Two-Factor Authentication (2FA): Many websites, including email providers, offer 2FA, which provides an extra layer of protection by requiring a second form of identification beyond just a password.
- Use a Password Manager: Password managers can help create, store, and manage strong, unique passwords for every account, reducing the risk of password reuse across multiple platforms.
- Monitor Accounts for Suspicious Activity: Regularly check your online accounts for any unusual activity. Most services provide notifications or alerts if they detect any suspicious login attempts or changes.
Conclusion
The compromise of Archive.org serves as a stark reminder of the increasing frequency and severity of cyberattacks on major online services. While the situation is still unfolding, users should remain vigilant, particularly if they have reused their Archive.org password for other accounts. As cybersecurity risks continue to grow, adopting strong security practices, such as enabling two-factor authentication and using unique passwords, can significantly reduce the risk of falling victim to future breaches.