Skip to main content

The Wayback Machine has been hacked, and the internet isn’t happy about it

A person using a laptop with a set of code seen on the display.
Sora Shimazaki / Pexels

The Internet Archive is the type of target you’d hope never gets exposed. The organization’s Wayback Machine is a digital archive of the internet, and thus, contains an absolute goldmine of data. Yet, here we are. Data breaches and hacks happen all the time, but I’ve never seen so much vitriol toward the hackers on Twitter and Reddit than with this incident. People are already comparing it to the burning of the library of Alexandria.

So, what happened? The situation is ongoing, but here’s what we know right now, starting with the data breach. Hacking group SN_Blackmeta allegedly stole 31 million emails, passwords, and usernames from the Internet Archive’s Wayback Machine in an attack that likely occurred on September 28, 2024, according to Bleeping Computer reports.

Recommended Videos

Users discovered the breach when the following pop-up message was displayed using a JavaScript library: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!.”

The breach was confirmed when Troy Hunt, the creator of Have I Been Pwned, told Bleeping Computer that the hackers shared the Internet Archives’ authentication database nine days ago. The database is a 6.4GB SQL file called “ia_users.sql.”

Other data stolen include Bcrypt-hashed passwords, password change time stamps, and other internal data. The latest time stamp gave the September date as the breach date. The stolen data should be added to the HIBP site so users can check if their data is compromised. So far, there is no official information on how the hackers stole the information or if any other data was compromised.

Separately, the Internet Archive owner, Brewster Khale, also confirmed a DDoS attack that brought the site down. A Distributed Denial of Service (DDoS) attack floods a website with malicious traffic to slow it or shut it down completely. According to Kahle, the first DDoS attack appears to have happened on October 8, taking archive.org down, only to have the same attack repeated on October 10.

What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.

What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.

Will share more as we know it.

— Brewster Kahle (@brewster_kahle) October 10, 2024

The hackers have reportedly confirmed that this is not the only attack they will perform since they have confirmed additional attacks. To sum it up, the site is experiencing two types of attacks: DDoS and data breach, but right now, the two haven’t officially been linked.

The last official update from the Internet Archive was from early this morning, and archive.org remains down.

Judy Sanhz
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
Apple’s internal tests show Siri isn’t quite ready to beat ChatGPT
Apple Intelligence update on iPhone 15 Pro Max.

With the introduction of the new iPad Mini, Apple made it clear that a software experience brimming with AI is the way forward. And if that meant making the same kind of internal upgrades to a tablet that costs nearly half as much as its flagship phone, the company would still march forward.

However, its ambitions with Apple Intelligence lack competitive vigor, and even by Apple’s own standards, the experience hasn’t managed to wow users. On top of that, the staggered rollout of the most ambitious AI features — many of which are still in the future — has left enthusiasts with a bad impression.

Read more
No, generative AI isn’t taking over your PC games anytime soon
Cyberpunk 2077 running on the Samsung Odyssey OLED G8.

Surprise -- the internet is upset. This time, it's about a recent article from PC Gamer on the future of generative AI in video games. It's a topic I've written about previously, and something that game companies have been experimenting with for more than a year, but this particular story struck a nerve.

Redditors used strong language like "pro-AI puff piece," PC Gamer itself issued an apology, and the character designer for Bioshock Infinite's Elizabeth called the featured image showing the character reimagined with AI a "half-assed cosplay." The original intent of the article is to glimpse into the future at what games could look like with generative AI, but without the tact or clear realization of how this shift affects people's jobs and their creative works.

Read more
Adobe is giving creators a way to prove their art isn’t AI slop
Zoom blur background in Photoshop on a MacBook.

With AI slop taking over the web, being able to confirm a piece of content's provenance is more important than ever. Adobe announced on Tuesday that it will begin rolling out a beta of its Content Authenticity web app in the first quarter of 2025, enabling creators to digitally certify their works as human-made, and is immediately launching a Content Authenticity browser extension for Chrome to help protect content creators until the web app arrives.

Adobe's digital watermarking relies on a combination of digital fingerprinting, watermarking, and cryptographic metadata to certify the authenticity of images, video, and audio files. Unlike traditional metadata that is easily circumvented with screenshots, Adobe's system can still identify the creator of a registered file even when the credentials have been scrubbed. This enables to company to “truly say that wherever an image, or a video, or an audio file goes, on anywhere on the web or on a mobile device, the content credential will always be attached to it,” Adobe Senior Director of Content Authenticity Andy Parsons told TechCrunch.

Read more