Internet Archive Hack Exposes 31 Million Accounts

Troy Hunt (Troy Hunt), the creator of the compromised passwords checker “Have I Been Pwned” (haveibeenpwned.com), has received information about a data breach involving the user base of the Internet Archive (archive.org), a site that serves as an online archive and digital library. The breach was carried out through a SQL dump by attackers, compromising the data of 31 million users on Archive.org. Additionally, a JavaScript code on the archive.org site triggers a pop-up window disclosing information about the hack.

A warning about the breach has been issued by the administration of Archive.org, but no official statements or explanations have been released yet. The SQL dump that has surfaced online contains over 6 GB of data, including hashed user passwords in bcrypt format, as well as information on password changes, emails, and usernames. The most recent entry in the leaked database dates back to September 28.

The validity of the leaked database has been confirmed by security researcher Scott Helme (Scott Helme), who was able to match a password hash and change time from the dump with data from his password manager. Users concerned about the security of their accounts can check for potential compromises through services like Have I Been Pwned, which has already incorporated data from the Archive.org breach. Have I Been Pwned currently monitors 14 billion passwords and provides information on breaches from 817 websites.

/Reports, release notes, official announcements.