The Internet Archive’s “Wayback Machine” experienced a significant data breach, compromising a user authentication database with 31 million unique records.
According to Bleeping Computer* the breach became public when visitors to archive.org saw a JavaScript alert from the hacker, mentioning the breach and referencing the “Have I Been Pwned” (HIBP) service. Troy Hunt, the creator of HIBP, confirmed that the stolen database, a 6.4GB SQL file named “ia_users.sql,” contains email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data. The most recent data in the database is from September 28th, 2024.
Hacking the past is usually technically impossible, but this data breach is the closest we may ever come to it. The stolen dataset includes personal information but at least the stolen passwords are encrypted. However, it’s a good reminder to make sure all your passwords are unique as even encrypted passwords can be cross references against previous uses of it. Have I Been Pwned is a fantastic free service that can be used after a breach. It securely contains millions of breached usernames and passwords for people to safely check their credentials against the database to check if they have ever been caught up in a breach. If you find your data in any known breaches, it would be a good idea to change those passwords and implement multi factor authentication.
by Jake Moore, ESET
*ESET does not bear any responsibility for the accuracy of this information.
ESET Ireland 