Internet Archive Suffers DDoS Attack as 31 Million User Credentials Stolen

The Internet Archive, a nonprofit digital library and home to the renowned Wayback Machine, has fallen victim to a series of crippling Distributed Denial-of-Service (DDoS) attacks. The attack, which began on October 8, 2024, not only disrupted access to the platform but also led to the theft of credentials for all 31 million users. The hacktivist group BlackMeta claimed responsibility for the attack, citing political motivations related to U.S. involvement in global conflicts.

The initial DDoS attack rendered the Archive’s services unavailable for hours, including the Wayback Machine, which stores millions of web snapshots. On social media platform X (formerly Twitter), BlackMeta announced their involvement, alleging that the platform’s connections to the U.S. justified the attack, even though the Internet Archive operates independently as a nonprofit. The disruption continued for days, with multiple waves of attacks bringing down services again on October 9.

Adding to the chaos, it was revealed that BlackMeta had also stolen the credentials of all 31 million registered users. These credentials, which include usernames, email addresses, and encrypted passwords, have reportedly been made available on the dark web. Although the passwords were encrypted, cybersecurity experts have warned that users may still be at risk, especially if they use the same login details across multiple platforms. The breach has raised significant concerns about the safety and security of personal data held by nonprofit organizations.

Brewster Kahle, founder of the Internet Archive, confirmed the ongoing attack, stating that efforts were being made to mitigate the damage and restore services. However, the team faced substantial challenges in fending off persistent attacks from BlackMeta, which demonstrated significant capabilities in conducting large-scale cyberattacks. Kahle emphasized that while the service disruption was a priority, ensuring the safety of user data was of equal concern.

Measures to Prevent Credential Theft

In light of the breach, security experts are advising all Internet Archive users to take immediate steps to protect their accounts:

1. Change Passwords Immediately: Users should change their Internet Archive passwords, especially if they reuse the same credentials on other platforms. Using a unique, strong password for each online account is crucial in preventing further exploitation.
2. Enable Two-Factor Authentication (2FA): Wherever possible, users should enable 2FA. This adds a critical layer of security by requiring a second form of verification in addition to the password, such as a text message or authentication app.
3. Adopt Password Managers: Using a password manager can help users generate strong, random passwords and securely store them. This reduces the risk of weak or reused passwords being compromised in future attacks.
4. Monitor Accounts for Unusual Activity: Affected users should keep a close watch on their accounts for any suspicious login attempts, unauthorized transactions, or password reset requests.
5. Dark Web Monitoring: Services that monitor the dark web for compromised credentials can provide alerts if a user’s information appears in these illicit databases. This allows users to act quickly in response to any further exposure of their data.
6. Update Security Information Regularly: Keeping recovery information like emails and phone numbers up-to-date ensures that users can quickly regain access to their accounts in the event of a breach.
7. Stay Informed About Security Best Practices: Regular updates on cybersecurity practices and awareness of phishing scams, ransomware, and other online threats can significantly reduce vulnerability to attacks.

Legal and Operational Challenges

The DDoS attack and data breach could not have come at a worse time for the Internet Archive, which is already engaged in ongoing legal battles related to copyright disputes, particularly around the distribution of ebooks. The organization recently lost an appeal in the U.S. Court of Appeals for the Second Circuit regarding ebook distribution, adding to its challenges.

This high-profile breach highlights the increasing vulnerability of nonprofit and public interest platforms to cyberattacks, particularly those that store vast amounts of user data. The scale of the attack has raised concerns across the tech and nonprofit sectors about the adequacy of current security protocols, particularly for organizations with limited resources compared to large corporations.

As BlackMeta continues its aggressive campaign against the Internet Archive, the platform’s millions of users and the broader digital preservation community anxiously await full service restoration. The broader implications of the attack underscore the critical importance of robust cybersecurity measures for all online platforms, especially those that serve as public resources.

The Internet Archive remains committed to restoring full access to its services while continuing efforts to safeguard user data from further exploitation. However, with ongoing attacks and the dark web sale of credentials, the path to recovery is fraught with challenges.