{"id":45323,"date":"2024-10-10T16:10:53","date_gmt":"2024-10-10T20:10:53","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=45323"},"modified":"2024-10-21T09:51:33","modified_gmt":"2024-10-21T13:51:33","slug":"internet-archive-hacked","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2024\/10\/10\/internet-archive-hacked\/","title":{"rendered":"Internet Archive Hacked"},"content":{"rendered":"

Lawrence Abrams<\/a> (Hacker News<\/a>):<\/p>\n

Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.<\/p>

[…]<\/p>

Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql.” The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.<\/p>

[…]<\/p>

While the Internet Archive is facing both a data breach and DDoS attacks at the same, it is not believed that the two attacks are connected.<\/p><\/blockquote>\n\n

Springtime<\/a>:<\/p>\n

Just in terms of privacy, it’s worth noting that anyone who has uploaded something on IA already has their email address publicly viewable.<\/p>

This isn’t something that commonly known (even judging by comments here) but in the publicly viewable metadata of every upload it contains the uploader’s IA account email address. So from a security perspective it’s bad but from a privacy perspective a lot of users probably weren’t aware of this detail if they’ve uploaded anything.<\/p><\/blockquote>\n\n

Previously:<\/p>\n