The Wayback Machine Was Hacked, Leaking 31 Million Email Addresses | Lifehacker


The Wayback Machine, a project of the Internet Archive, has been an indispensable tool for looking back on the world wide web of yore. The internet changes so fast and so dramatically, it can be a bit of a shock to see how different things were not that long ago. The site preserves so much, including old games and Nintendo Power magazines; it even saved archives of MTV News stories earlier this year.

Unfortunately, one of the web’s greatest assets isn’t making headlines today because of its merits: It was hacked—quite dramatically, too.

As reported by BleepingComputer, the site was breached by an unknown actor, who managed to steal a database of over 31 million user records, which includes things like email addresses, usernames, the timestamps for password changes, and hashed passwords. The hacker left behind a JavaScript alert on archive.org, which read “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” (HIBP is short for Have I Been Pwned, which lets you enter you email address to check whether or not your credentials have been involved in a data breach.)

BleepingComputer talked to the site’s creator, Troy Hunt, about this particular hack, who confirmed the actor shared a 6.4GB file containing the data from the breach to HIBP 10 days ago. Hunt says the hack itself likely occurred on Sept. 28, and that the stolen data includes 31 million unique email addresses alone. At the time of BleepingComputer’s reporting, these emails had not yet been added to HIBP’s database, but when they are, users will be able to check whether or not they were affected by this breach.

To make matters worse, the Internet Archive was attacked again, this time through a DDoS (distributed denial of service) attack. As of this article, archive.org is currently down, including the Wayback Machine.

What you can do to protect your data

At this time, keep checking HIBP: By entering your email here, you’ll be able to see if your data was involved in this breach (and, of course, other breaches across the internet).

Unfortunately, you can’t do anything to reverse the effects. However, you can take steps to prevent your data from being affected further. One is to keep a skeptical eye on any emails you receive going forward: Bad actors will likely try to target you with messages containing malicious links, perhaps by trying to convince you that they have a solution for your compromised email address in the first place. Don’t click these links, and be careful with emails from strange accounts.

Next, consider an identity theft protection service. These platforms can monitor your data across the web, and stop fraudulent activity before it damages you. Our sister site, PCMag, has a list of their favorite services they’ve tested. The same goes for data removal services: These options will look for sites and companies that have your data, such as email addresses, home addresses, and phone numbers, and request they delete that data on your behalf. That can be helpful for mitigating the effects of these leaks.