Major Internet Archive Breach Exposes 31 Million User Accounts

On October 9, 2024, the Internet Archive reported a substantial data breach affecting approximately 31 million users. The incident involved the exposure of usernames, email addresses, and password hashes, compounded by a DDoS attack attributed to the threat group SN_BlackMeta. This dual assault highlights a coordinated effort to disrupt services while compromising sensitive user data. The breach stemmed from an exposed GitLab configuration file that contained an authentication token, allowing unauthorized access to critical databases and source code. Organizations are urged to assess their configurations and adopt stringent security measures to mitigate such vulnerabilities. The Internet Archive is currently investigating the incident and has yet to detail its full response or recovery strategy. This breach underscores the growing need for robust security practices in safeguarding user data against emerging threats. BleepingComputer Strobes