Cyber ​​attackers are back after stealing data from 31 million accounts

The Internet Archive, a nonprofit initiative dedicated to preserving a wide range of content such as web pages, books, images and videos, is facing difficult times. Earlier this month, cyber attackers managed to penetrate the platform’s systems, disrupting its operation and stealing data. Days have passed and the extent of the original incident is still unclear. Cause? The attackers are at it again.

Original incident. Last Wednesday, October 9th, everything seemed to be going fine, but things became more difficult with each passing moment. www.archive.org has stopped working. When you visited the page, instead of the classic welcome page, you found the following message: “Do you get the feeling that the Internet Archive is unstable and always on the verge of a serious security breach? Well, it happened. 31 million of you use HIBP!”

An unauthorized person managed to bypass all Internet Archive security measures, post a message, and apparently steal credentials. The group behind the attack cited HIBP to support their claim. This is Have I Been Pwned, an initiative that allows people to find out if their email address or phone number has been compromised in a hack. Although to do this they need to be included in your database.

HIBP creator Troy Hunt confirmed that he received information about the hack on September 30th. It was a 6.4 GB SQL file called “ia_users.sql” containing the login information of millions of Internet Archive users, including email addresses and Bcrypt hashed passwords. It’s true that hackers stole information from the Internet Archive, putting users’ safety at risk, but that’s not all.

DDoS attack and new stolen data. Although the Internet Archive’s systems had previously been compromised, cybercriminals announced this on October 9, followed by a DDoS attack that prevented users from changing their passwords (now that the page is working, it is advisable to change the password). Brewster Kahle of the Internet Archive confirmed the incident and stated that they will take a number of measures to restore the functionality of the platform and improve security.

Last weekend, cybercriminals were at it again. Several Reddit users reported receiving a suspicious email from The Internet Archive Team’s support team. We’re talking about the means of communication that anyone with the Internet Archive has to ask questions or, for example, demand that a site be removed from their archive. The attackers claimed that they had access to support tickets managed through the Zendesk platform.

“It is disappointing to see that even though we were notified of the breach two weeks ago, the Internet Archive has still not taken the necessary steps to rotate the leaked API keys into its GitLab,” the post said. If this turns out to be true, then the fact that attackers have access to official means of communication will not be good news. This resource can be used to run very effective phishing campaigns, that is, those in which a third party impersonates a legitimate organization.

Organization with a limited budget. The Internet Archive has more than 30 years of history and is a valuable treasure of the digital age in which we live. It offers us a glimpse into the past in a few clicks, but it also preserves a lot of content that is not available in any other way. We are now talking about an organization that, according to its founder, has not prioritized cybersecurity investments due to a limited budget of $20-30 million per year.

Images | Internet Archive | Screenshots

In Hatak | Access keys that want to hide our passwords face a big problem. We may have found a solution