This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Internet Archive

Summary

On 9 October 2024, the Internet Archive's Wayback Machine breach was dramatically announced via JavaScript alert: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!" The attacker stole a 6.4GB database on 28 September containing 31 million users' email addresses, screen names, password change timestamps, and Bcrypt-hashed passwords. The breach coincided with BlackMeta DDoS attacks (believed unconnected). On 20 October, a second breach compromised the Zendesk support email system.

What Happened

Attackers stole the Internet Archive's authentication database nine days before public disclosure. The 6.4GB SQL file contained email addresses, screen names, Bcrypt-hashed passwords, and internal data with timestamps through 28 September 2024.

Impact on Individuals

31 million Internet Archive users had authentication credentials exposed, creating account takeover risks despite Bcrypt password hashing.

Organisational Response

Internet Archive acknowledged the breach following the JavaScript alert defacement and subsequent Zendesk system compromise on 20 October.

Verification Source: View original statement