Internet Archive's Wayback Machine suffered data breach, 31 million user accounts exposed

The Internet Archive's Wayback Machine has experienced a significant data breach, resulting in the theft of a user authentication database. The breach, which affected 31 million unique records, came to light on Wednesday afternoon when visitors to The Internet Archive encountered a JavaScript alert from the hacker. The alert suggested the Internet Archive's security was precarious and announced the breach, referencing Have I Been Pwned? (HIBP), a site for checking data exposure from cyberattacks.

Troy Hunt, the operator of HIBP, confirmed to Bleeping Computer that he received a file containing sensitive user information nine days prior. This file included email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data. Hunt verified the authenticity of the breach by matching the data with an existing user account. The most recent timestamp on the compromised records indicates the data was likely stolen on September 28th, 2024. Details on how the breach occurred or if additional data was compromised remain unknown.