Internet Archive Data Leaks Reveal 31 Million Users, Attacked By DDoS

Illustration of data breach (photo: x @lekkibizc)

JAKARTA - On October 10, 2024, the Internet Archive confirmed a data leak that revealed personal information from 31 million users. In addition, the organization also faces Distributed Denial-of-Service (DDoS) attacks, with similar attacks previously occurring in May.

This data leak was first reported by Bleeping Computer, where the user's authentication database contains email addresses, screen names, passwords that have been hacked using Brypt, and other internal data are stolen and disseminated. The database is in the form of a 6.4GB SQL file called "ia_users.sql."

Although the identity of the attackers is not yet known, they briefly added a JavaScript alert on the Internet Archive website to announce the attack. Security expert Troy Hunt confirmed that the leaked data was valid.

Regarding the DDoS attack, a group calling themselves SN_Blackmeta claimed responsibility, with anti-semitic messages accusing the site of supporting US policies of conflict in the Middle East.

Meanwhile, the Internet Archive is currently updating their security and clearing the system after the attack.

In addition to this attack, the Internet Archive is also facing a number of legal issues, including defeats in copyright lawsuits that could threaten their operational continuity. The organization is also facing charges of $400 million from a number of music labels related to copyright infringement.