Connect with us

    Hi, what are you looking for?

    Reviews

    “Privacy Concerns Arise from Data Breach at Internet Archive’s Wayback Machine”

    The Internet Archive recently encountered a hacking event that has led to the illegitimate access of credentials for 31 million users.

    Noteworthy: The Internet Archive is a charitable organization dedicated to safeguarding digital content that is at risk of disappearance. Google has begun incorporating links to the archive within its search results.

    Internet Archive’s Wayback Machine experiences data breach, user details compromised

    Visitors of The Wayback Machine yesterday received a notification stating: “Have you ever sensed that the Internet Archive operates on outdated technology and is perpetually near a significant security breach? It has just taken place. See 31 million of you on HIBP!”

    For those who may not know, HIBP refers to Have I Been Pwned, a well-known breach alert service. BleepingComputer reports that its creator, Troy Hunt, informed the blog that the cybercriminals submitted the breached authentication database to the service nine days ago.

    The Internet Archive was notified by Hunt three days earlier, but it reportedly took no action. Users can verify if their email addresses have been affected by this breach by visiting https://haveibeenpwned.com/.

    The compromised information includes email addresses, usernames, and timestamps for password alterations, among other specifics. However, there is no immediate reason to panic; users may choose to change their passwords. The report suggests that the actual passwords were not revealed, with only Bcrypt-hashed passwords (one-way salted hashes) being compromised, a detail confirmed by cybersecurity specialist Scott Helme.

    Nonetheless, the breach involves the unauthorized acquisition of 31 million distinct email addresses, raising considerable concern. This incident underscores the necessity of utilizing email alias services, such as Simple Login, Firefox Relay, and DuckDuckGo’s Email Protection. Many of these services, which provide both free and premium options, cloak users’ actual email addresses and offer an alias to protect against spam and security breaches. Any communications directed to the alias are routed to the user’s genuine inbox without revealing their actual address.

    Advertisement. Scroll to continue reading.

    The details concerning how the Internet Archive was compromised remain undisclosed. The site had recently endured a DDoS attack from the BlackMeta hacktivist group, which claimed responsibility for assaulting the site for over five hours and intended to continue their actions. Currently, the website appears to be functioning normally.

    In related developments, the Internet Archive suffered a setback in its legal battle with Hachette when the US Court of Appeals for the Second Circuit ruled that its digital archive infringed copyright law. The Archive contended that its lending library complied with the fair use doctrine, which permits certain copyright infringements under specific conditions; however, the court dismissed this assertion. (via Wired)

    For context, the Internet Archive’s National Emergency Library played a pivotal role during the COVID-19 pandemic by granting access to numerous individuals, including students, when physical books were challenging to obtain. This initiative provided scanned editions of physical books through the Open Library. However, it attracted criticism from publishers who alleged it facilitated the piracy of copyrighted works, ultimately resulting in legal action against the Internet Archive. Although the Archive lost the case, the court did acknowledge its nonprofit status.

    This data breach prompts inquiries regarding its motivations. Consider the case of a ransomware group targeting a medical institution. As a nonprofit public resource, what could drive such a hack? If the site’s security was indeed lacking, why not alert the organization or assist in rectifying the vulnerabilities? It is also crucial to consider that the compromised user data could be exploited for cross-referencing and breaching other services. Nevertheless, this attack is notable as hackers typically concentrate on commercial targets.

    Image Source: mayam_studio / Shutterstock

    You May Also Like

    Reviews

    Microsoft has resolved 74 security issues in its software during the company’s August 2023 Patch Tuesday release. The previous month’s update tackled 132 vulnerabilities,...

    Hacks

    An economical high-voltage power supply project has been developed by Sebastian from Baltic Labs. The primary element of this endeavor is a commercial power...

    Hacks

    The issue of compatibility centers around the POPCNT CPU function. TheBobPony’s posts on Twitter uncovered that this function is found in several Windows 11...

    Hacks

    The choice to utilize USB storage was influenced by the nonexistence of Bluetooth and the substandard audio input port in the dated entertainment system....