Internet Archive Details
Internet Archive
San Francisco, California • 150 employees • Media and Entertainment
https://archive.org
United States
Industry
Media and Entertainment
Security Incidents
2
The Internet Archive is a nonprofit digital library with the primary purpose of providing "universal access to all knowledge." It was founded by Brewster Kahle in 1996 and is based in San Francisco, California. The organization aims to preserve digital content, offering permanent access to researchers, historians, scholars, and the general public to a vast range of media, including websites, videos, audio recordings, software, and books.
One of the Internet Archive's most notable features is the Wayback Machine, introduced in 2001, which allows users to view archived versions of web pages acr...
Show more
Security Incidents
Internet Archive Breach of Oct 2024
Show more
Show more
The breach was exacerbated by a DDoS attack, which brought down the site and related services such as the Wayback Machine and Open Library for extended periods. These atta...
Show more
Severity Score
Significant to High
Type
Data BreachSummary
The Internet Archive, known for its Wayback Machine, faced a significant cybersecurity incident in October 2024, involving a data breach and multiple distributed denial-of-service (DDoS) attacks. On October 9th, hackers accessed the organization's user authentication database, exposing information of approximately 31 million accounts, including email addresses, screen names, and bcrypt-hashed passwords. The data breach materialized due to exposed GitLab authentication tokens, revealing sensitive source code and database credentials, which allowed attackers to stealthily extract over 7TB of dat...Show more
Severity
The cyberattack on the Internet Archive marked a significant event with dual impact—a major data breach and a series of distributed denial-of-service (DDoS) attacks. The data breach involved unauthorized access to a user database containing records of approximately 31 million users, which included email addresses and bcrypt-hashed passwords. Notably, a majority of the compromised credentials had already been registered on the "Have I Been Pwned" data breach notification service. The concurrent DDoS attacks exacerbated the situation by causing prolonged service outages and defacements, pointing...Show more
Impact
The Internet Archive experienced a serious cybersecurity incident involving both a data breach and repeated distributed denial-of-service (DDoS) attacks. The data breach resulted in the exposure of account data, affecting approximately 31 million users. This data included email addresses, screen names, bcrypt-hashed passwords, and timestamps for password changes, posing a potential risk to user privacy and account security.The breach was exacerbated by a DDoS attack, which brought down the site and related services such as the Wayback Machine and Open Library for extended periods. These atta...
Show more
Internet Archive Breach of Oct 2024
The breach continued to unfold with threat actor...
Show more
Show more
Show more
Severity Score
Significant to High
Type
Data BreachSummary
In October 2024, the Internet Archive, widely recognized for its Wayback Machine, faced multiple cyberattacks, including a significant data breach, a DDoS attack, and later compromising its Zendesk email support platform. Initially, the leak of a GitLab configuration file led to the theft of authentication tokens, exposing approximately 31 million user records, including usernames, email addresses, and encrypted passwords. Shortly after, the Archive also endured a DDoS attack reportedly carried out by a pro-Palestinian group named SN_BlackMeta.The breach continued to unfold with threat actor...
Show more
Severity
The Internet Archive experienced a severe cybersecurity incident in October 2024, characterized by three significant attacks. Initially, attackers capitalized on a two-year-old exposed GitLab token to access sensitive user data of about 31 million individuals, including usernames, email addresses, and salted-encrypted passwords. Subsequently, they conducted a Distributed Denial of Service (DDoS) attack and defaced the site using a JavaScript library vulnerability. A third attack focused on unrotated API tokens related to their Zendesk support platform, compromising potentially sensitive inform...Show more
Impact
The Internet Archive experienced a multifaceted cyber security incident involving a data breach and a subsequent chain of attacks. Initially, user data for 31 million accounts, including usernames, email addresses, and encrypted passwords, was stolen. An exposed GitLab authentication token allowed the threat actors to retrieve not only the source code but also additional system credentials, leading to further unauthorized access to systems, including the Zendesk platform. This access allowed attackers to send emails from the archive's support system affecting 800,000 support tickets, potential...Show more
KEEP YOUR ENVIRONMENT SECURE
Weak credentials are the leading cause of breaches. Beyond Identity can help.
See MFA exploits in action
Watch how adversaries exploit companies in quick videos