October 9, 2024 at 09:41PM
The Internet Archive faced a DDoS attack causing a five-hour outage and exposed 31 million user accounts. Data leak services reported the breach, revealing email addresses, usernames, and password hashes. The organization is enhancing security measures and has disabled the compromised JS library, promising further updates as they arise.
### Meeting Takeaways
1. **Incident Overview:**
– The Internet Archive experienced a distributed denial-of-service (DDoS) attack on Wednesday afternoon US time, making their site unavailable for up to five hours.
2. **User Data Breach:**
– During the DDoS attack, a significant data leak was reported, affecting 31,081,179 user accounts. Exposed information includes email addresses, screen names, and bcrypt password hashes.
3. **Confirmation and Response:**
– Brewster Kahle confirmed the breach, noting a defacement of the website via a JavaScript library, and acknowledged the compromise of usernames, emails, and salted-encrypted passwords.
– The organization has taken steps to disable the vulnerable JavaScript library and is actively scrubbing systems and upgrading security measures.
4. **Communication and Further Information:**
– Kahle has pledged to provide more information as it becomes available but has not elaborated on the specifics of the incident.
– The relationship between the DDoS attack and the data breach has yet to be clarified.
5. **Recent Challenges:**
– The Internet Archive has faced multiple issues in 2024, including a legal loss regarding digital asset lending rights, power failures leading to service outages, and previous DDoS attacks.
6. **Awaiting Further Comments:**
– The Register is awaiting a response from the Internet Archive regarding the incidents but has yet to receive one at the time of publication.