Meanwhile, at a site I visit daily

BleepingComputer writes: The text "HIBP" refers to the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.

Hunt told BleepingComputer that the threat actor shared the Internet Archive's authentication database three days ago and it is a 6.4GB SQL file named "ia_users.sql." The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

Hunt says there are 31 million unique email addresses in the database, with many subscribed to the HIBP data breach notification service. The data will soon be added to HIBP, allowing users to enter their email and confirm if their data was exposed in this breach.

https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/

Internet Archive hacked, data breach impacts 31 million users

Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.

BleepingComputer

@briankrebs well at least they have used bcrypt to hash the passwords

@briankrebs Got caught up in this, but thankfully I used an alias email and a unique password so I'm just vaguely annoyed that someone is attacking them.

Preventative measures work

@Psyvacy @briankrebs
This is just one more reason why alias emails are ESSENTIAL for any online subscriptions! I have been doing this since the beginning of the Internet (or nearly 😉).
Like Virtual credit cards. You can limit any deviant use of your stuff, identify them & shut them out.

@briankrebs Shit. So that’s why the Cover Art Archive was hard to reach yesterday.

@briankrebs

Yay they hacked a site running on donations. If they had any balls they'd breach X and delete it. Elon's password is probably GOD.

@jeff @briankrebs system operators love to use god, it's that whole male ego thing

@briankrebs Ouch.

I'm curious, tho; I'm obviously aware of archive.org, but why would you visit it daily?

@davidnjoku Because most websites don't last forever? And I'm often having to find websites that don't exist anymore or that their owners probably didn't want people to find.

@briankrebs Fair enough.

In addition, I've just reread your profile; your profession makes that make a lot more sense. 🙂

@briankrebs (details: this is our second blast of abusive traffic from an AWS customer today apparently from an AI company harvesting Internet Archive texts at an extreme rate)

@rrb @briankrebs how would that cause a security breach though

@briankrebs The Website doesn't seem to load at all now.

@briankrebs that's unfortunate. Does the Internet Archive collect any information from users that could be valuable? I mostly know them for their archives which are, you know, public

@jenbanim They practically subsist on donations, so there's that.

@briankrebs ouch yeah didn't think about that. Do you happen to know if they used a third party payment processor or handled the payments themselves?

@jenbanim I think they use Stripe or something similar. either way, there's likely going to be addresses, names, emails, etc., because they very much do hit up their former donors.

@briankrebs thanks. That's obviously not good, but as far as breaches go it seems not too severe

By comparison I've had my SSN leaked quite literally 5+ times already

@briankrebs I don't recall ever seeing a login prompt when using the Web Archive. But then again, I've only ever used the Wayback Machine feature, not the library lending feature.

@briankrebs oh my, I'll have to change my SSN and all the PII I've kept saved on there.

@briankrebs I was wondering if that was some injected JavaScript and a prank. Sad to see it’s more than just me.

@briankrebs seems like they went offline

@Codhisattva Yeah it could well be a defacement.

@briankrebs i thought it was a joke then immediately received the email from hibp 😢

@briankrebs the internet is hell now