On October 15, the Internet Archive, known for its Wayback Machine, confirmed a data breach amid ongoing Distributed Denial-of-Service (DDoS) attacks that have left the platform vulnerable. The breach exposed 31 million users, compromising sensitive information, while hackers began responding to support tickets sent by users.

The Breach and DDoS Attack

The data breach, first reported by Bleeping Computer, revealed that a threat actor had accessed and shared Internet Archive’s authentication database. This resulted in a leak of email addresses, screen names, and Bcrypt-hashed passwords of its users. Additionally, the attackers displayed a JavaScript alert on the site, blatantly announcing their intrusion. Although the identity of the hackers remains unknown, their actions have caused significant disruption.

Simultaneously, the Archive is grappling with DDoS attacks claimed by a group named SN_Blackmeta. These cyber-assaults rendered the site offline temporarily, peppering their attack with antisemitic comments linking the organization unfavorably to the US government. The attacks have sparked widespread criticism and discussion about digital infrastructure's vulnerability and the political implications of hacktivism.

Ongoing Legal Challenges

The Internet Archive is not just facing cybersecurity threats but also legal ones. Recently, a US Court ruled against them in Hachette v. Internet Archive, related to copyright infringement through its book digitization projects. The case highlighted the tension between copyright law and fair use doctrine, which the Archive cited unsuccessfully in its defense.

The organization’s initiative, the National Emergency Library, launched during the pandemic, was aimed at providing access to books during library closures. However, its decision to remove borrowing limits on digital copies led to legal challenges from publishers, culminating in costly legal battles.

Adding to its woes, the Archive is subject to litigation from music labels seeking $400 million in damages, threatening its very existence.

Response and Remediation

In light of these attacks, the Internet Archive has taken steps to bolster its security. These include disabling compromised JavaScript libraries and scrubbing its systems for vulnerabilities. While efforts are underway to restore services and reassure users, the organization continues to face uphill battles on legal and cybersecurity fronts.

For more on this ongoing story, visit the original report on 9to5Mac.