The Internet Archive has recovered from recent cyberattacks, reinstating its main sites and services, with only a few minor features pending restoration. Following attacks that compromised user accounts and led to a DDoS attack, the Archive’s director confirmed that major resources, including the Wayback Machine and Open Library, are operational. Despite budget constraints impacting cybersecurity measures, the organization is committed to enhancing security and ensuring user data safety while gradually restoring all services.
The Internet Archive has successfully bounced back from a series of severe cyberattacks last month, restoring access to nearly all its primary sites and services. A few minor features remain unavailable but will soon be operational.
In a recent blog update, Chris Freeland, the director of library services at the Internet Archive, confirmed that key components like the Wayback Machine, Open Library, Archive-It, Vault, and University Archives are fully functional again.
On the main archive page, users can once again access various services, including public texts, news searches, media files, institutional downloads, and more. Freeland reassured users, “Other services and features will soon be available online.”
While the Internet Archive may seem like a single entity, it actually functions as a hub for numerous resources. Users can explore a wealth of digital relics from the past, such as software, music, movies, TV shows, and books. The Open Library offers an extensive collection of e-books for reading and borrowing.
Archive-It, a subscription service, assists organizations in creating vast collections of digital assets like videos and social media posts. Meanwhile, The Vault serves as a digital repository and preservation solution tailored for libraries and organizations.
Events Leading to Recovery
The series of cyberattacks that targeted these sites commenced in September, with the first incident involving a data breach that affected 31 million user accounts. Cybercriminals accessed usernames, email addresses, and encrypted passwords, defacing the site by exploiting a JavaScript library. Visitors were met with a message: “Have you ever had the feeling that the Internet Archive runs on USB sticks and is constantly on the verge of a catastrophic security breach? It’s happened like this.“
Shortly after, a pro-Palestinian group known as SN_BlackMeta executed a DDoS (Distributed Denial of Service) attack on the archive. The hackers claimed their motive was a challenge against the US government, stating: “because the archives belong to the United States and, as we all know, this horrible and hypocritical government supports the genocide perpetrated by the terrorist state of Israel.”
It’s worth noting that the irony lies in the fact that the Internet Archive operates as a non-profit organization with no ties to the US government.
A further issue arose when GitLab authentication tokens were stolen, allowing cybercriminals access to the site’s email support system. Several users who had contacted the archive received responses from the hackers, highlighting vulnerabilities in the system and the exposure of sensitive information dating back to 2018.
Concerns Over Cybersecurity
Users on Reddit voiced their concerns over the Internet Archive’s failure to change its API keys following the initial attacks. Many empathized, recognizing that as a non-profit dedicated to preserving valuable historical data, the Internet Archive operates on a limited budget, often leading to neglected cybersecurity measures.
Ev Kontsevoy, CEO of Teleport, remarked, “In a third attack on the Internet Archive this month, hackers are exploiting access tokens to the organization’s Zendesk implementation. This gives them access to over 800 support tickets. While some criticize the archive for not renewing API keys, organizations often struggle post-breach to fully comprehend the extent of an attack and implement protective measures.“
In response to the attacks, the Internet Archive had to temporarily take its services offline, restoring them gradually. Brewster Kahle, the founder, stated on October 18: “In addition to the DDoS attack and exposure of user data, the JavaScript on our website was compromised, prompting us to shut down operations to enhance our security. The stored data is intact, and we are committed to safely resuming services. We must prioritize cybersecurity moving forward and apologize for the disruption.“