What happened

For several days now, users have been encountering a pop-up window when visiting The Wayback Machine. It reads: “Have you ever felt like the Internet Archive was running on empty and constantly on the verge of a catastrophic security breach? It just happened. Call your 31 million accounts on HIBP.” This message was left by hackers who hacked the site. stealing lots of user dataThe Verge writes. But at the same time, the service was subject to many powerful DDoS attacks.

HIBP It’s a data breach notification service called “Have I Been Pwned?” There everyone can check whether their data has been leaked into the network, stolen on this or that site, or sold on hacker forums. Often cybercriminals share the stolen data with the site themselves to publicize their “exploits.”

HIBP creator Troy Hunt told BleepingComputer on September 30 that an attacker shared the Internet Archive’s authentication database, which is the size of an SQL file. 6.4 gigabytes. The database contains authentication information of registered users. email addresses, screen names, password change timestamps, Bcrypt-hashed passwords and other internal data.

Hunt says there are 31 million unique email addresses in the database, many of which are subscribed to HIBP’s data breach notification service. This data will soon be added to the service, allowing users to know that their data has been exposed as a result of this leak.

The data was further verified after Hunt contacted some of the users listed in the databases, including cybersecurity researcher Scott Helm. Helm confirmed that the data obtained from the HIBP site matched the data he entered into the site himself. He also confirmed that the timestamp in the database record matched the date he last changed his password in the password manager. Therefore, it can be argued that: the leak is real and the Wayback Machine was indeed hacked.

DDoS attacks have been going on for a while. The first problems started on October 8. This first attack was successfully repelled, but the events continued the next day. The same thing happened on October 10. Since the Wayback Machine site is currently still down, it can be inferred that another attack of this type is currently ongoing or that the archive administrators have manually taken the site offline. Internet Archive founder Brewster Kale wrote that the archive “exercises caution and prioritizes data security at the expense of service availability.”

Who is behind this?

Known to be responsible for DDoS attack hacktivist group BlackMeta. He promises to carry out additional attacks later. However, it is unknown whether he is responsible for the hacking and theft of data.

Troy Hunt says the timing of both attacks appeared “completely random” and that “more than one party” was likely involved.

It is clear that this was not a single attack.
– wrote Hunt.

BlackMeta positions itself as a pro-Palestinian hacker group, and social media page X states that the group originates from the city of Stara Rusa in Russia’s Novgorod region. Hackers said this One of the reasons for the attack is the claim that the Internet Archive belongs to “the USA, which supports Israel”.however, Wayback Machine is a non-profit organization that collects all resources, including those related to Palestine, Israel, and other countries. Just because certain pages are registered there does not mean supporting one side or condemning the other. This is a common archive for all pages.

A video in Russian was published on the Twitter page of Russian criminals, claiming that they have taken a stand since the beginning of the war in Gaza and declared themselves the “voice of freedom”, the “voice of the oppressed” and the “voice of the oppressed”. “an army for those in need”. The speech is accompanied by images of the Israeli army breaking up Palestinian protests or interacting with Palestinians. At the same time, for some reason they “forgot” to include the footage of the massacre committed by terrorists in Israel in October 2023. But they say they were behind a similar six-day attack in May that was all over the news and widely discussed on social media, saying they were “not teenagers hiding behind computer screens.”

BlackMeta launched its Telegram channel on November 23 and claimed responsibility for a number of other attacksThese include a six-day DDoS attack on Arab financial institutions and several attacks on Israeli tech companies in the spring, Gizmodo writes.

The hacker group did not claim responsibility for the hacking and data theft, only the DDoS attack. So the story is probably not over yet and we will learn the rest in the near future.