Cyber Blog

A group affiliated with a pro-Palestinian hacktivist movement has launched a major cyberattack, compromising the information of 31 million users, including email addresses and usernames.

An account named SN_BlackMeta on X (formerly Twitter) has claimed responsibility for the attack on The Internet Archive, a nonprofit known for its digital library and the Wayback Machine. SN_BlackMeta, which has been linked to a previous cyberattack on a Middle Eastern financial institution, implied that more attacks are on the horizon. Security analysts have also connected SN_BlackMeta to a pro-Palestinian hacktivist movement.

In addition to email addresses and usernames, encrypted passwords were exposed in the breach. Although encrypted passwords are generally secure, users have been advised to update their credentials as a precaution. One cybersecurity expert also suggested refraining from accessing or downloading files from The Internet Archive until the organization declares an “all clear.”

The attack included Distributed Denial-of-Service (DDoS) attacks that temporarily took down The Internet Archive’s website, archive.org, on Wednesday and continue to affect its availability. The Wayback Machine, an archival feature of the site, remains inaccessible.

A message from Brewster Kahle, founder of The Internet Archive, confirmed the incident and acknowledged the ongoing DDoS attacks. Kahle outlined the organization’s response, which includes disabling certain systems, removing affected JavaScript libraries, and implementing additional security measures.

A pop-up message on The Internet Archive’s site alerted visitors to the breach on October 9, stating, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” This message references Have I Been Pwned? (HIBP), a service that tracks compromised data.

Troy Hunt, founder of HIBP, confirmed he had received a database containing email addresses, screen names, bcrypt-hashed passwords, and other internal data for 31 million users associated with The Internet Archive. He posted on X, stating he had been in contact with The Internet Archive about the breach and was surprised to hear from users about the website defacement.

Since the announcement, The Internet Archive’s website has experienced additional disruptions. According to Jason Meller, VP of Product at 1Password, the incident indicates a severe breach, suggesting attackers gained access to backend infrastructure and compromised the integrity of site content. Meller recommended avoiding the website until the investigation is complete.

The hacker group SN_BlackMeta has previously been linked to large-scale DDoS attacks, including a significant attack on a Middle Eastern bank earlier this year, reportedly using a DDoS-for-hire service called InfraShutdown. The cybersecurity firm Radware has connected SN_BlackMeta to this hacktivist movement and its use of DDoS services.

In an October 9 post, SN_BlackMeta announced, “The Internet archive has and is suffering from a devastating attack. We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down.” The group also alluded to political motivations behind the attack, which it justified with anti-U.S. sentiments despite the archive’s nonprofit status and its catalog of global resources, including on Palestine.

Though SN_BlackMeta claimed responsibility for the DDoS attack, Meller noted it’s still unclear if the group was directly involved in the data breach and defacement, which coincided with the DDoS assault.