Internet Archive had a user authentication database with 31 million records compromised in a breach late last month, which was first discovered Wednesday afternoon following a JavaScript alert on the site posted by the threat actor, just as its website was taken down by a distributed denial-of-service intrusion claimed by the BlackMeta hacktivist operation, reports BleepingComputer.
Included in the 6.4 GB SQL database were Internet Archive members' email addresses, usernames, Bcrypt-hashed passwords and password change timestamps, as well as other internal details as recent as September 28, when the attack was believed to have taken place, according to Have I Been Pwned breach notification service creator Troy Hunt, who obtained a copy of the exfiltrated database more than a week ago. Both Hunt and cybersecurity researcher Scott Helme, who was also part of the breach, have confirmed the legitimacy of the stolen records. Meanwhile, BlackMeta announced plans for additional attacks against Internet Archive, which has yet to comment on the intrusion.
