Wayback’s Machine Was Hacked and 31 Million Email Addresses Were Stolen.
The Wayback Machine, a project of the Internet Archive, was an indispensable tool for browsing the World Wide Web of yore. The Internet is changing so quickly and dramatically that it can be a little shocking to see how different things were not so long ago. The site houses so much stuff, including old games and Nintendo Power magazines ; earlier this year he even saved MTV News archives .
Unfortunately, one of the greatest benefits of the Internet today is not making headlines for its merits: it has been hacked, and in dramatic fashion.
As reported by BleepingComputer , the site was hacked by an unknown attacker who managed to steal a database containing more than 31 million user records, which includes things like email addresses, usernames, password change timestamps, and hashed passwords. The hacker left a JavaScript warning on archive.org that read: “Have you ever felt like the Internet Archive runs on flash drives and is constantly on the verge of a catastrophic security breach? It just happened. See, 31 million of you are on HIBP!” (HIBP is short for Have I Been Pwned , which allows you to enter an email address to check if your credentials were involved in a data breach.)
BleepingComputer spoke with site creator Troy Hunt about this particular hack, who confirmed that the actor shared a 6.4GB file containing data from the HIBP hack 10 days ago. Hunt says the hack itself most likely occurred on September 28th and that the stolen data only included 31 million unique email addresses. At the time of publication of the BleepingComputer report, these emails had not yet been added to the HIBP database, but when they are added, users will be able to check whether they have been affected by this breach.
To make matters worse, the Internet Archive was attacked again, this time via a DDoS (distributed denial of service) attack. As of this writing, archive.org is currently unavailable, including the Wayback Machine.
This tweet is currently unavailable. It may be downloading or has been deleted.
What you can do to protect your data
For now, keep checking HIBP: by entering your email address here , you can see if your data was involved in this breach (and, of course, other internet breaches).
Unfortunately, there is nothing you can do to reverse the effects. However, you can take steps to prevent further exposure to your data. One is to keep a skeptical eye on any emails you receive: attackers will likely try to send you messages containing malicious links, perhaps trying to convince you that they have a solution to your compromised email address. Don’t click on these links and be wary of emails from strange accounts.
Next, let’s look at the identity theft protection service. These platforms can monitor your online data and stop fraudulent activity before it harms you. Our sister site PCMag has a list of their favorite services they’ve tested . The same goes for data deletion services : these options will look for sites and companies that have your data, such as email addresses, home addresses, and phone numbers, and request deletion of that data on your behalf. This can be useful in mitigating the effects of these leaks.