If you went to the Internet Archive last week to hear some fan-recorded concert audio, you may have been greeted with a strangely cheeky message. “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened,” the ominous message read. Last week, the digital memory bank suffered a cyberattack that leaked usernames and passwords of 31 million users and has the website running at a reduced capacity.
The Internet Archive is a website of many uses: borrowing books from the digital library, accessing archived webpages on the Wayback Machine, watching long-forgotten media, and much more. In the digital age, it has also become a vital resource for live music aficionados who use the website to host amateur recordings of live concerts. Whereas Grateful Dead fans popularized the concept of “tape trading,” borrowing and copying one another’s homemade concert recordings, jam band fans of the modern era can access decades’ worth of live audio from a seemingly endless stream of bands—all of whom allow fans to record their concerts and disseminate the media across the internet (free of charge, of course).
Whatever reason brought users to the Internet Archive last week, they were all greeted by the same hijacked screen message. Internet Archive founder Brewster Kahle confirmed the cyberattack with a series of posts on X, writing “What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it.”
As of this publication, the Internet Archive is back online in a read-only capacity. The Wayback Machine—which creates backups of webpages dating back to 1996—is currently operational with access to over 916 billion pages, though it is unable to archive currently active screens. Kahle stated that services will remain offline as the team works to identify and fix problems on the website.
According to Troy Hunt, founder of data breach resource index Have I Been Pwned which allows users to look up their email address to see if it has been leaked, his company first received the breached data on September 30th. The following week, he contacted the IA team about the leak. As Hunt’s team was loading the 31 million unique addresses, the Internet Archive was hit with a DDoS (Distributed Denial of Service, a cyber-attack that overwhelms a website so that users cannot access its services) and defaced with the errant Javascript greeting. In a post on X, Hunt said he believes the timing was entirely coincidental. Have I Been Pwned also confirmed that 54% of the accounts from the Internet Archive breach were already in its database from previous attacks.
Let me share more on the chronology of this:
30 Sep: Someone sends me the breach, but I’m travelling and didn’t realise the significance
5 Oct: I get a chance to look at it – whoa!
6 Oct: I get in contact with someone at IA and send the data, advising it’s our goal to load…— Troy Hunt (@troyhunt) October 9, 2024
So, what does this mean for Internet Archive users around the globe? In subsequent posts, Kahle confirmed that the website’s data had not been corrupted, meaning that none of the recordings, books, webpages, or other files were lost. The site’s services are only stopped to upgrade the internal systems, with Kahle stating on October 11th that the estimated timeline for the site’s return is “days, not weeks.” His most recent update on October 14th announced the return of the Wayback Machine but noted that the site may need further maintenance “in which case it will be suspended again. Please be gentle.”
For the time being, it might be worthwhile to dig up those old tapes.