2024 Internet Archive Hack
Submission 7,797
Part of a series on Internet Archive. [View Related Entries]
Overview
The 2024 Internet Archive Hack took place between October 9th and October 11th, 2024, with the site suffering a data breach that compromised over 31 million users, as well as a Distributed Denial of Service (DDoS) attack that brought down Archive.org and Openlibrary.org. A "hacktivist" group that goes by BlackMeta on X / Twitter claimed responsibility for the DDoS attack, claiming to be motivated by the Internet Archive's supposed connection to the U.S. government and by extension the government of Israel. Several internet users remained skeptical of this reasoning, given that the Internet Archive is a non-profit organization neither owned by the U.S. government nor claims to contribute to Israel, with some rumors speculating that the hackers were actually based in Russia.
Background
On October 8th, 2024, Internet Archive founder Brewster Kahle made a post on X noting that the site was under a DDoS attack.[1]
Later that day, Internet Archive users reported a JavaScript pop-up message claiming that the site had been hacked and that 31 million user accounts had been compromised. The message read, "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!," where HIBP refers to the site "Have I Been Pwned?"[2]
Have I Been Pwned founder Troy Hunt confirmed the data breach, telling cybersecurity news site Bleeping Computer[3] that the hackers had shared the Internet Archive's authentication database with his site, including "email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data."
News of the hack was shared on the subreddit /r/technology[6] by Redditor /u/MayankWL on October 9th, 2024, where it gathered over 11,000 upvotes in a day. The JavaScript message was shared on /r/PCMasterrace[7] on October 9th as well, where Redditor /u/MrJWST gathered over 5,000 upvotes in a day.
Several X accounts posted about the hack on October 9th, 2024, including @LostMediaBuster[8] and @vxunderground,[9] the latter of which was mistakenly blamed for the hack.
Developments
On October 9th, 2024, the X[4] account @Sn_darkmeta (AKA BlackMeta) made a series of posts claiming responsibility for the DDoS attack on the Internet Archive, writing, "[The Internet Archive is] under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of 'Israel.'"
When pressed on the services Internet Archive provides for countries like Lebanon and Palestine, the account[5] wrote, "They need peace not ….internet archive."
Speculation over the hackers behind the attack continued to emerge over the following days, with several claiming it was a Russian group.[17] Numerous Redditors on October 10th, 2024, discussed and theorized that the hack originated from Russia based on timezones, location and language, speculating that it was orchestrated to be inflammatory, cause division and was not genuinely from a pro-Palestine group.[13][14]
For example, on October 10th, Redditor Corronchilejano made a comment on a post to the /r/technology[15] subreddit about the hack claiming that the group claims to be pro-Palestinian but is entirely based in Russia. They included a link and quote to a July 2024 article by The Record[16] covering SN_BLACKMETA that stated:
SN_BLACKMETA has operated its Telegram channel since November 2023, boasting of DDoS incidents and cyberattacks on infrastructure in Israel, the Palestinian Territories and elsewhere. While all of the group’s messages focus on the Palestinian Territories and perceived opponents to Palestine, many of its posts are written in Russian.
The group’s account on X also shows that it was created by someone in Staraya, a town in Novgorod Oblast, Russia. The account’s initial language was also set to Russian.
The researchers added that analysis of timestamps and activity patterns showed possible evidence that the actors within the group are operating in a timezone “close to Moscow Standard Time (MSK, UTC+3) or other Middle Eastern or Eastern European time zones (UTC+2 to UTC+4).”
Online Reactions
Several internet users condemned the DDoS attack on the Internet Archive, with X[10] user @tgzerosugar gathering over 100,000 likes on an October 9th, 2024 post that read, "Internet Archive is seriously one of those sites that we shouldn’t be trying to hack or take down."
Also on October 9th, X[11] user @PineappleCarl3 quoted the hacker group BlackMeta's post with a meme calling them a federal agent, gathering over 61,000 likes in two days.
On October 10th, 2024, the X[12] account @vxunderground noted that their post about the DDoS attack on Internet Archive had been mistaken for them claiming responsibility for the attack, gathering over 6,000 likes in a day.
Search Interest
External References
[1] X – brewster_kahle
[2] Bleeping Computer – Internet Archive Hack
[3] Bleeping Computer – Internet Archive Hack
[4] X – Sn_darkmeta
[5] X – Sn_darkmeta
[6] Reddit – /r/technology
[7] Reddit – /r/pcmasterrace
[8] X – LostMediaBuster
[9] X – vxunderground
[10] X – tgzerosugar
[11] X – PineappleCarl3
[12] X – vxunderground
[14] Reddit – r/technology
[15] Reddit – r/technology
[16] The Record – Middle East financial institution hit with six-day DDoS attack
[17] Ynetnews – Anti-Israel hacker group hacks 'Internet Archive', exposing 31 million users
Share Pin
Related Entries 1 total
Recent Images 12 total
Recent Videos 0 total
There are no recent videos.