Internet Archive Was Exposing User Email Addresses for Years Before Recent Breach

The Internet Archive recently was the target of a data breach that exposed information related to 31 million users, including their usernames and email addresses, among other materials. The group SN_Blackmeta has claimed responsibility for a concurrent DDoS attack that took the site offline. The party responsible for the data breach has not yet been identified.

Related

New York Times Doesn’t Want Its Stories Archived

The nonprofit Internet Archive plays a vital role in online culture, preserving web content and other digitized materials and operating the popular Wayback Machine, which lets visitors see historic versions of websites.

It is not yet clear how the data breach occurred, though some in the information security community have speculated that credentials for the Internet Archive’s servers may have been found in the logs of “information stealer” malware, which exfiltrates sensitive information from infected systems.

The recent data breach is not the only way that Internet Archive user email addresses have been vulnerable online. But for more than a decade, the Internet Archive has been exposing the email addresses of anyone........

© The Intercept