Internet Archive and Open Library Offline Due to Data Breach and DDoS Attacks

Published on October 14, 2024
Written by:
Lore Apostol
Lore Apostol
Infosec Writer & Editor

The nonprofit Internet Archive’s primary sites, Archive.org and OpenLibrary.org, are currently offline following a severe data breach and a series of Distributed Denial-of-Service (DDoS) attacks. The breach allegedly exposed the credentials and email addresses of more than 31 million users.

The breach is believed to have occurred on September 28 with the leak of a 6.4GB SQL file containing sensitive user data, including email addresses, screen names, and bcrypt password hashes of 31,081,179 users, who only became aware of this breach two days ago when a JavaScript alert notified them of the incident. 

This breach has brought to light concerns regarding the Internet Archive's handling of JavaScript, which is considered central to the security lapse.

Source: Cyble

Following the breach revelation, the pro-Palestinian hacktivist group SN_BLACKMETA launched a DDoS attack, further complicating the situation. This group appears to have misunderstood the Internet Archive's mission, erroneously associating it with U.S. governmental activities.

Source: Cyble

The decision to take both sites offline—prioritizing data safety over availability—has sparked debate within the cybersecurity community regarding the Internet Archive's security practices. Commentators have pointed out the necessity for robust security measures, especially for large-scale sites like Archive.org.

Source: Internet Archive

Kevin Beaumont, an independent cybersecurity researcher, emphasized the misdirected nature of the attacks, pointing out that the Internet Archive is a valuable resource maintained on minimal resources.

Brewster Kahle, founder of the Internet Archive, reassured the public that although services are currently offline, the data remains secure. Recovery efforts are underway, with an estimated timeline of "days, not weeks" before normal service is restored.

This incident underscores the need for enhanced security protocols to safeguard digital repositories that serve as critical knowledge reservoirs for global audiences. The Internet Archive's experience serves as a cautionary tale for other organizations reliant on public trust and digital integrity.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: