Internet Archive Faces Challenges: DDoS Attacks and a Data Breach Mystery

Threat Actor: SN_BLACKMETA
Victim: Internet Archive
Price: Not disclosed
Exfiltrated Data Type: Email addresses, screen names, encrypted passwords

Key Points:

  • The Internet Archive has been experiencing DDoS attacks since May 2024, attributed to the Russian-based hacking group SN_BLACKMETA.
  • A significant data breach occurred on September 28th, affecting 31 million users, with data dumped online and shared with Have I Been Pwned (HIBP).
  • The attackers defaced the Internet Archive’s website, displaying a message about the breach and directing users to check their data on HIBP.
  • The breach suggests a deeper infiltration, with attackers possibly having access for at least ten days before being detected.
  • No ransom demands have been made, leading to speculation about the attackers’ motives, which could range from political motivations to malicious mischief.
  • Internet Archive founder Brewster Kahle confirmed the breach and stated that security upgrades are underway to protect user data.
  • Users are advised to remain vigilant against potential phishing scams that may arise from the stolen information.

The Internet Archive, a non-profit digital library beloved for its Wayback Machine, has been battling a relentless wave of DDoS attacks since May 2024. While these attacks, often attributed to a Russian-based hacking group called SN_BLACKMETA, have caused service disruptions, a far more concerning development has recently come to light.

On September 28th, a major security breach resulted in the theft of data belonging to 31 million Internet Archive users. This information, including email addresses, screen names, and encrypted passwords, was dumped online and subsequently shared with the breach notification platform, Have I Been Pwned (HIBP).

The hackers defaced the Internet Archive website with a taunting pop-up message, bragging about the breach and directing users to HIBP to check if their data was compromised. This defacement, achieved by manipulating the website’s JavaScript, suggests a deeper infiltration than initially suspected, with the attackers lurking undetected for at least ten days.

Here’s the popup content:

Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!

While the DDoS attacks seem aimed at disrupting access to the archive, the motive behind the data breach remains shrouded in mystery. No ransom demands have been made, leaving cybersecurity experts to speculate about the attackers’ ultimate goal. Some theorize that the attackers may be attempting to erase specific content from the archive, while others suggest it could be a politically motivated attack or simply an act of malicious mischief.

Internet Archive founder Brewster Kahle has confirmed the breach and assured users that the website is undergoing security upgrades and system scrubbing. He also emphasized that the archive does not store sensitive user data, and the encrypted nature of the passwords minimizes the risk of direct account compromise. However, users are urged to remain vigilant against potential phishing scams that may exploit the stolen information.

Original Source: https://securityonline.info/internet-archive-under-siege-ddos-attacks-and-a-mysterious-data-breach/