The Internet Archive's Wayback Machine is back up after hack
The Wayback Machine, a tool from the Internet Archive that allows users to visit archived versions of websites, is back online in read-only form after a hack last week. IA founder Brewster Kahle confirmed the news on Monday, posting on social media that users will not be able to save new pages for the time being. "Safe to resume but might need further maintenance, in which case it will be suspended again," Kahle wrote, adding, "Please be gentle."
News of the DDoS ("Distributed Denial of Service") attack broke on October 9, when users attempting to access the Wayback Machine were met with a JavaScript alert that read: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!" The hacker reportedly shared the Internet Archive's authentication database with Troy Hunt, creator of the site "Have I Been Pwned"; he confirmed to Bleeping Computer that the breach "contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data." The breach, which included 31 million unique emails, is reportedly timestamped September 18.
"What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords," Kahle posted to Twitter/X on October 9. "What we’ve done: Disabled the JS library, scrubbing systems, upgrading security." The following day, he posted that the "DDoS folks are back" and that IA "is being cautious and prioritizing keeping data safe at the expense of service availability." He later stated that the Internet Archive's "data has not been corrupted. Services are currently stopped to upgrade internal systems. We are working to restore services as quickly and safely as possible."
Let me share more on the chronology of this:
30 Sep: Someone sends me the breach, but I'm travelling and didn't realise the significance
5 Oct: I get a chance to look at it - whoa!
6 Oct: I get in contact with someone at IA and send the data, advising it's our goal to load…
— Troy Hunt (@troyhunt) October 9, 2024
It has not been confirmed whether the DDoS attack and the data breach came from the same source. Laying out a timeline of his involvement, Hunt noted that the site was attacked just as the breached data was being loaded into HIBP: "The timing on the last point seems to be entirely coincidental. It may also be multiple parties involved and when we're talking breach + defacement + DDoS, it's clearly not just one attack," Hunt wrote. A pro-Palestinian hacktivist group called SN_BLACKMETA has taken responsibility for the DDoS attack, stating on Twitter/X, "While our recent attack on the Internet Archive was not exclusively driven by our core mission and objectives, it reflects a broader intention and a need to draw attention to our ongoing struggle. We believe that highlighting the plight of innocent Palestinian people is essential, and targeting a significant digital resource like the Internet Archive serves to underscore the importance of their story and experiences."
The Internet Archive made headlines last month after losing an appeal in a copyright case against Hachette and three other publishers. The publishers took legal action against IA after the non-profit organization expanded its digital lending system Open Library, which the court ruled to be copyright infringement.