The Internet Archive, known best for The Wayback Machine, experienced a security breach yesterday. This was not the first time it had been targeted.
A mocking JavaScript popup appeared, stating:
Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!
HIBP, short for Have I Been Pwned?, is a site where users can check if their personal information has been compromised in a data breach. Troy Hunt, who runs HIBP, told BleepingComputer that he received a file days ago containing internal data for 31 million unique email addresses. He verified the data’s authenticity by comparing it with a user’s account details.
The Internet Archive is an invaluable resource when researching cyberattacks. During our investigation into the Polyfill attack, we used it to uncover a fraudulent “Cloudflare Security Protection” tag.
It's disheartening to see non-profit organizations targeted by cybercriminals. While this incident involved a backend breach, no website is fully protected from the client-side attacks that we defend against.
As a result, we have decided to offer our services free of charge to any non-profit organization. Those that wish to use c/side for their non-profit organizations will gain access to our advanced tools at no cost.