Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
Internet Archive Hacked: The Full Story

Internet Archive Hacked: The Full Story

By Sérgio F.Sérgio F. Verified by Mary P.Mary P. Last updated: December 23, 2024 (0)
Table of contents

Since 1996, the Internet Archive has been providing internet investigators, researchers, historians, and others with an easy way to access past internet records. The platform is best known for its Wayback Machine, which archives websites and lets users see how they appeared on different dates in the past.

This digital library offers free access to 28 years of web history, from snapshots of websites to print materials. This makes it fundamental to preserving historical data that could otherwise be lost because of censorship, shutdowns, or technical failure.

In October 2024, the Internet Archives website – archive.org – was the target of three cyberattacks, exploiting different vulnerabilities. These attacks caused significant disruptions for its users, including temporary outages.

As the platform provides user accounts for added functionality, the recent hacks have raised significant concerns about its security. This article will explore what occurred, the consequences, and what it means for users moving forward.

The Internet Archive data breach: What happened?

While the most popular cyberattacks happened in late 2024, the first red flags were raised in 2022.

Date Event How Impact
October 9, 2024 User data breach

DDoS attack
Exploitation of GitLab token that provided access to the platform’s source code

This file was vulnerable since December 2022
Over 30 million records of user data stolen

Includes Bcrypt-hashed passwords, email addresses, and other private data
October 11, 2024 Support platform breach Exploitation of unrotated API tokens for Zendesk Hackers gained access to Internet Archive’s Zendesk support platform
October 19, 2024 Prolonged exploitation Continued exploitation of unrotated API tokens for Zendesk Ongoing data exposure

Access to support ticket information since 2028, which may include personal identification documents

While there is no definitive proof of who is behind these attacks, it’s suspected that they were carried out by more than one group. The reasons for this stem from the diverse nature of the attacks. While one focused on data exfiltration, the other disrupted access to the website.

On October 13, the hacktivist group SN_BlackMeta issued a statement on X, claiming sole responsibility for the DDoS attack and clarifying their motivations. According to the statement, they don’t work with any government agency and their primary goal is to amplify the voices of Palestinians and fight for justice and equality.

Upon noticing the cyberattack, the Internet Archives started to address it immediately by implementing security measures and communicating with the public.

Hacker atack

 

Restoring Internet Archive services: The aftermath

After acknowledging the attacks, the team behind the Internet Archives started to address them in different ways to begin its restoration sequence.

  • Mitigation of the DDoS attack: Protected the affected systems by deploying security measures to handle traffic influx.
  • Data breach remediation: Fixed the breach entry point by rotating the compromised API tokens, turning off the affected libraries, and scrubbing systems.
  • Deployment of additional security safeguards: Implementation of stronger data encryption, authentication mechanisms, monitoring systems, and more thorough audits.
  • Ongoing communication with the public: informed the public about the nature and complexity of the cyberattacks and what measures were being taken to address them.
  • Gradual restoration of public access: services were brought online in steps, with thorough testing in each phase to ensure no vulnerabilities remained. Some features were temporarily disabled or accessible only via read-only mode, preventing further tampering with the system. In addition, the Internet Archive team sought user feedback and cybersecurity experts to validate its new security measures.

Naturally, during the attacks, users raised serious concerns about having their sensitive data stolen, fearing its potentially disastrous consequences, such as identity theft. Plus, the service disruption created by the DDoS attack restricted access to vital resources, leaving educators and researchers with their hands tied.

Secure technology

The broader implications of the hack

The Internet Archive was founded to provide free access to all kinds of digital media, and has become one of the largest libraries of digital resources. The platform is vital in preserving historical, educational, and entertainment materials. Even if the originals are lost, become obsolete, or degrade over time, they’ll be saved for future reference. So, it’s essential to keep any potential hacks away from the Internet Archives platform.

This breach could significantly undermine public trust. Users may become more skeptical about the platform’s ability to protect sensitive data and historical content. In the long run, this skepticism could lead to decreased engagement from educators, researchers, educators, and institutions. Consequently, this may result in reduced access to digital preservation, decreased funding, and a negative impact on historical and cultural documentation.

Password hash

The Internet Archive breach serves as an important reminder for users about online security. Regardless of the service you use, if you have a registered account, it’s crucial to always employ strong passwords, enable multi-factor authentication, and use encryption to safeguard your data. One effective solution is to implement a password manager or internet security platform, as they protect you from minor and major data breaches, such as the one experienced by the Internet Archives.

What will be the future of the Internet Archive?

While the Internet Archive’s hack took the platform’s team by surprise, they didn’t wait to start working on recovering and strengthening its infrastructure. Following the DDoS attack, the team limited access to the website to focus on mitigating its consequences.

They prioritized securing the affected systems and isolating vulnerabilities while implementing additional security measures to prevent future breaches. This involved tightening firewall controls and modifying data flows to improve data protection, enhance server security, and strengthen threat monitoring.

 

Protective measures you can take

To make sure the platform can fully recover after the breach, the team is gradually activating its services. Additionally, they have made a concerted effort to increase transparency with users regarding their security practices. This means that the Internet Archives is on the right path to fully recovering after the hack.

Threat

It’s clear that archival platforms, such as the Internet Archives, are too valuable to not be completely secure. As digital archives keep expanding, these vital resources must be secured with robust cybersecurity measures, such as implementing stronger encryption and automated security systems.

Nowadays, many of these systems use machine learning and artificial intelligence for continuous monitoring, real-time threat identification, and self-recovery capabilities. This makes it much more challenging for bad actors to breach systems successfully.

How to protect yourself as an individual

The Internet Archive’s cyberattack was a result of poor cybersecurity practices, which means you couldn’t do anything as an individual user to avoid it. However, you can always be proactive and take precautionary actions to reduce the likelihood of having your data compromised after such a breach.

How to stay protected

1

Use a password manager to help you create strong passwords and secure your private data in an encrypted vault. 2FA makes it much easier to rotate passwords during a breach. Some password managers can even alert you if such a breach occurs via dark web monitoring.

2

Encrypt internet traffic with a VPN to prevent hackers from intercepting information. Given that the Internet Archive breach involved the theft of user data, a VPN offers protection against further attacks by masking user IP addresses and securing online communications.

3

Use an internet security suite to protect your data all in one convenient solution. Typically, they include antimalware, phishing threat protection, firewall monitoring, password management, and even a VPN. Combining these features will take you one step closer to winning the battle against malicious actors.

Regardless of the type of security you choose, it’s not by chance that all share high encryption standards in one way or another. Always remember that encryption is your best ally in protecting data.

Lastly, on platforms like the Internet Archives, it’s essential for communities to collaborate in identifying vulnerabilities. While the user doesn’t bear any responsibility regarding website security measures for threat prevention, they can still play an essential role in this area. By remaining vigilant and promoting a culture of support, digital preservation can continue to flourish despite emerging threats.

Preserving the past and securing the future

The Internet Archive’s cyberattack should concern us all, whether we use the internet or not. Its digital repository is fundamental for humanity to keep track of the past and prepare for the future. Although we can criticize the Internet Archive for its data security shortcomings, it demonstrated resilience and commitment to keeping all data safe after discovering the breach.

Security lock

Given the scale and disruptive nature of the attack, its prompt action and assistance from users helped prevent prolonged downtime and long-term damaging consequences. In addition, the team’s commitment to telling users what was happening helped maintain transparency and trust.

Historical data is an irreplaceable and crucial asset for our development as a society and should be safeguarded with the best security possible. Fortunately, with strengthened security measures and more transparency, the Internet Archive is set to continue its mission of preserving history.

The Internet Archive data breach FAQ

Who hacked the Internet Archive?
What kind of data breach occurred during the Internet Archive hack?
How is the Internet Archive restoring services after the hack?

User feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2025 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us