A hacker group linked to a pro-Palestinian hacktivist movement has claimed responsibility for a major cyberattack on The Internet Archive, compromising the personal details of 31 million users. The breach, which exposed email addresses, screen names, and encrypted passwords, has left security experts advising users to update their credentials immediately.

The attack, claimed by a group using the handle SN_BlackMeta on X (formerly Twitter), has also been linked to a series of Distributed Denial-of-Service (DDoS) attacks that have taken the nonprofit’s website, archive.org, and its popular Wayback Machine offline. Brewster Kahle, founder of The Internet Archive, confirmed the breach and ongoing attacks, stating that the organization is “scrubbing systems and upgrading security.”

In an alarming message displayed on the compromised website, hackers warned, “31 million of you on HIBP!” referencing the popular breach notification service *Have I Been Pwned?* Troy Hunt, founder of HIBP, later confirmed that the exposed data had been shared with him, noting that 54% of the compromised email addresses had already appeared in previous breaches.

The Internet Archive, founded in 1996, is a nonprofit organization known for preserving billions of digital records, including webpages, texts, and videos. Its Wayback Machine is a widely-used tool for viewing archived websites.

Impact of the Breach

Although the passwords were encrypted using bcrypt, a strong hashing algorithm, cybersecurity experts urge users to change their passwords as a precautionary measure. “Avoid using any files from the site until they’ve declared an all-clear,” warned Jason Meller, VP of Product at 1Password. The breach appears to have occurred around late September when attackers exploited a vulnerability in a JavaScript library used by The Internet Archive.

The attack by SN_BlackMeta marks the group’s latest move in a series of politically motivated cyberattacks. In May 2024, the same group launched DDoS attacks against the Internet Archive and Middle Eastern financial institutions, using a new DDoS-for-hire service, InfraShutdown.

Ongoing Disruptions and Future Concerns

The Internet Archive remains largely offline due to repeated DDoS attacks, with the organization directing users to follow updates on social media. Kahle assured users that measures are being taken to improve security and restore services. However, experts warn that it may take time before the site is fully operational again.

As the investigation into the breach continues, users are urged to stay vigilant and monitor their accounts for any suspicious activity.