Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.
News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.
"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!," reads a JavaScript alert shown on the compromised archive.org site.
Internet Archive has been hacked
- Andrew Lee
- Posts: 3116
- Joined: Sat Feb 04, 2006 9:19 am
- Contact:
Internet Archive has been hacked
Source: https://www.bleepingcomputer.com/news/s ... ion-users/
Re: Internet Archive has been hacked
@Andrew: Thank you very much for the info.
Here is what I personally know about the data breach: Yesterday (Wednesday Oct. 9) I checked one of my email accounts that I use exclusively for accessing my internet archive account. The only messages I receive on this account are from the internet archive, but I was surprised to discover a message from a "Paypal Service" saying something like I should connect to my Paypal account (following the provided link of course) to do something with my account, I could not figure out and remember exactly what, because the message was apparently in French ( ).
I don't have a Paypal account.
I don't communicate in French.
And since absolutely nobody knows of the existence of this account, it was clearly a scam, for which I wanted to know more.
I pasted the message in Google which returned immediately MANY posts.
Until I saw Andrew's post I was wondering how the message had reached my account, and I thought that maybe my email address had been "crafted blindly" .... and boom !!!, had hit a valid email account address (mine) .... Though I was really puzzled, because the email server of my account is not a very common/big server, like a gmail account.
So, now we have one example of the possible uses of the data breach
The hackers got a LONG list of email addresses they can use for nefarious effects ...
Now, If you read the article until the end, at the bottom of the web page there is a link to a data breach experienced by Fidelity Investments customers .....
https://www.bleepingcomputer.com/news/s ... 00-people/
Good Luck
Here is what I personally know about the data breach: Yesterday (Wednesday Oct. 9) I checked one of my email accounts that I use exclusively for accessing my internet archive account. The only messages I receive on this account are from the internet archive, but I was surprised to discover a message from a "Paypal Service" saying something like I should connect to my Paypal account (following the provided link of course) to do something with my account, I could not figure out and remember exactly what, because the message was apparently in French ( ).
I don't have a Paypal account.
I don't communicate in French.
And since absolutely nobody knows of the existence of this account, it was clearly a scam, for which I wanted to know more.
I pasted the message in Google which returned immediately MANY posts.
Until I saw Andrew's post I was wondering how the message had reached my account, and I thought that maybe my email address had been "crafted blindly" .... and boom !!!, had hit a valid email account address (mine) .... Though I was really puzzled, because the email server of my account is not a very common/big server, like a gmail account.
So, now we have one example of the possible uses of the data breach
The hackers got a LONG list of email addresses they can use for nefarious effects ...
Now, If you read the article until the end, at the bottom of the web page there is a link to a data breach experienced by Fidelity Investments customers .....
https://www.bleepingcomputer.com/news/s ... 00-people/
Good Luck