VOGONS


The Internet Archive has been hacked

Topic actions

First post, by schmatzler

User metadata
Rank Oldbie
Rank
Oldbie

There isn't much information out yet because it just happened, but apparently, archive.org's website has been defaced.

The website is currently offline, but it looks like our credentials have been stolen. I guess it's time for a password change when it comes back.

There's an ongoing discussion on Twitter about this:
https://xcancel.com/Malcoreio/status/1844121916573090027

The attachment GZejG8tXMAA66ka.png is no longer available

"Windows 98's natural state is locked up"

Reply 1 of 38, by BitWrangler

User metadata
Rank l33t++
Rank
l33t++

Supposedly 31 million accounts/passwords stolen. If you had an account and used that password for absolutely any other thing CHANGE IT NOW.

Unicorn herding operations are proceeding, but all the totes of hens teeth and barrels of rocking horse poop give them plenty of hiding spots.

Reply 2 of 38, by schmatzler

User metadata
Rank Oldbie
Rank
Oldbie

It's official now:

https://www.bleepingcomputer.com/news/securit … -million-users/

Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.

Do what BitWrangler says and change your password if you used it anywhere else. And if you did, seriously consider using password managers with random password generators (like Bitwarden or the inbuilt browser password managers of Firefox and Chrome) in the future.

"Windows 98's natural state is locked up"

Reply 4 of 38, by Joseph_Joestar

User metadata
Rank l33t++
Rank
l33t++

Great. I literally created an account a few weeks ago because they suddenly started requiring log ins for downloading "popular" items. Ah well, that account had a unique password which I never used anywhere else.

But this still sucks, because an exposed email address means more spam. There's also the possibility of it getting abused for websites that require an email address for registration, but don't use any kind of verification to confirm that you're actually the owner of that email account.

PC#1: Pentium MMX 166 / Soyo SY-5BT / S3 Trio64V+ / Voodoo1 / YMF719 / AWE64 Gold / SC-155
PC#2: AthlonXP 2100+ / ECS K7VTA3 / Voodoo3 / Audigy2 / Vortex2
PC#3: Athlon64 3400+ / Asus K8V-MX / 5900XT / Audigy2
PC#4: i5-3570K / MSI Z77A-G43 / GTX 970 / X-Fi

Reply 6 of 38, by Rawit

User metadata
Rank Oldbie
Rank
Oldbie

My old deleted account is included in the hack as well as my current (recent) one. Just be aware if you ever had an account the credentials might be out there now.

YouTube

Reply 7 of 38, by MAZter

User metadata
Rank Oldbie
Rank
Oldbie

Passwords is Bcrypt-hashed

Time-to-Crack-bcrypt-hashed-passwords.jpg

Doom is what you want (c) MAZter

Reply 8 of 38, by Norton Commander

User metadata
Rank Member
Rank
Member

Apparently the site was unavailable because of a DDOS attack.

https://www.theregister.com/2024/10/10/intern … ddos_data_leak/

I never created an account at IA since I rarely download from there so all good here.

Reply 9 of 38, by Robbbert

User metadata
Rank Member
Rank
Member

Makes me wonder who would benefit from making the site unavailable ... besides copyright holders, that is.

Reply 10 of 38, by subhuman@xgtx

User metadata
Rank Oldbie
Rank
Oldbie
Rawit wrote on 2024-10-10, 07:24:

My old deleted account is included in the hack as well as my current (recent) one. Just be aware if you ever had an account the credentials might be out there now.

Couldn't even reset my password 'cause it got offline before I even received my password reset mail. Yay

7fbns0.png

tbh9k2-6.png

Reply 11 of 38, by BitWrangler

User metadata
Rank l33t++
Rank
l33t++
Robbbert wrote on 2024-10-10, 14:28:

Makes me wonder who would benefit from making the site unavailable ... besides copyright holders, that is.

Since it is kind of a senseless target which would only bring bad publicity and rage against those blamed for it, probably not who is getting blamed for it.

Unicorn herding operations are proceeding, but all the totes of hens teeth and barrels of rocking horse poop give them plenty of hiding spots.

Reply 12 of 38, by dormcat

User metadata
Rank Oldbie
Rank
Oldbie
MAZter wrote on 2024-10-10, 12:30:

Passwords is Bcrypt-hashed

Thanks for sharing! There's a small error in the cell of "8 characters, upper and lower case": should be 2.4 "years" instead of "days" as it should be safer than either 7 characters of the same method (cell above, 16.2 days) or 8 characters with lower case only (cell to the left, 4 days).

Reply 13 of 38, by Robbbert

User metadata
Rank Member
Rank
Member

Also, the cracking times are just an estimate. It might be that they happen to guess your password on the first try. That's why you need to make it as long and complex as you can, to reduce the chance of that happening.

Reply 14 of 38, by tauro

User metadata
Rank Member
Rank
Member

They are facing big lawsuits right now, mostly related to the book "lending" service.
The prospect of losing archive.org (including the web archive) is hard to accept but, I think we should prepare ourselves.

Reply 16 of 38, by Norton Commander

User metadata
Rank Member
Rank
Member

To be honest I'm surprised they're still around. There's terabytes of copyrighted software being hosted there. How DMCA hasn't shut them down a long time ago is astounding.

Reply 17 of 38, by Joseph_Joestar

User metadata
Rank l33t++
Rank
l33t++

It would be a huge loss if archive.org went down permanently. Mostly because of The Wayback Machine, which holds a lot of information that's no longer available anywhere else. Such as Creative's EAX Featured Games list and developer interviews. Also, archived support pages of motherboard manufacturers that are no longer in business, which are sometimes complete with BIOS images and release notes.

I couldn't care less about copyrighted games or whatever being removed from there, but not having access to the archived driver CDs and BIOS files for retro motherboards and GPUs would be a pretty big issue for me.

PC#1: Pentium MMX 166 / Soyo SY-5BT / S3 Trio64V+ / Voodoo1 / YMF719 / AWE64 Gold / SC-155
PC#2: AthlonXP 2100+ / ECS K7VTA3 / Voodoo3 / Audigy2 / Vortex2
PC#3: Athlon64 3400+ / Asus K8V-MX / 5900XT / Audigy2
PC#4: i5-3570K / MSI Z77A-G43 / GTX 970 / X-Fi

Reply 18 of 38, by Errius

User metadata
Rank l33t
Rank
l33t

It's the election. The whole internet has gone to shit the last couple of years because of this damn election. It's not just the Internet Archive, but also Youtube, google, reddit. They've all become unusable. (Similar shit happened in the lead up to 2020, but not as bad as this.)

Hopefully we will get usable internet back once this damn election is out of the way.

Is this too much voodoo?

Reply 19 of 38, by MAZter

User metadata
Rank Oldbie
Rank
Oldbie
dormcat wrote on 2024-10-11, 02:59:

Thanks for sharing! There's a small error in the cell of "8 characters, upper and lower case": should be 2.4 "years" instead of "days" as it should be safer than either 7 characters of the same method (cell above, 16.2 days) or 8 characters with lower case only (cell to the left, 4 days).

Correct, 🤣.

“Update: @internetarchive’s data has not been corrupted. Services are currently stopped to upgrade internal systems. We are working to restore services as quickly and safely as possible. Sorry for this disruption.”

Doom is what you want (c) MAZter