Linkedin Tag

Back to blog

The Internet Archive Hack: How JavaScript fits in the picture

Friday, October 18th, 2024

Updated October 17th, 2024
Simon Wijckmans's profile picture

Simon Wijckmans

Founder & CEO

The Internet Archive, known best for The Wayback Machine, experienced a security breach yesterday. This was not the first time it had been targeted.

A mocking JavaScript popup appeared, stating:

Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!

undefined

HIBP, short for Have I Been Pwned?, is a site where users can check if their personal information has been compromised in a data breach. Troy Hunt, who runs HIBP, told BleepingComputer that he received a file days ago containing internal data for 31 million unique email addresses. He verified the data’s authenticity by comparing it with a user’s account details.

undefined

The Internet Archive is an invaluable resource when researching cyberattacks. During our investigation into the Polyfill attack, we used it to uncover a fraudulent “Cloudflare Security Protection” tag.

PolyfillWebsiteOnInternetArchive-cside.dev.webp

It's disheartening to see non-profit organizations targeted by cybercriminals. While this incident involved a backend breach, no website is fully protected from the client-side attacks that we defend against.

As a result, we have decided to offer our services free of charge to any non-profit organization. Those that wish to use c/side for their non-profit organizations will gain access to our advanced tools at no cost.

Simon Wijckmans's profile picture

More About Simon

Founder and CEO of c/side. Building better security against client-side executed attacks, and making solutions more accessible to smaller businesses. Web security is not an enterprise only problem.