What happened
According to public breach records, the Internet Archive data breach on September 28, 2024 is reported to have exposed the personal information of 31,081,179 accounts.
In September 2024, the Internet Archive, a digital library of internet sites, suffered a data breach that exposed 31M records. The breach exposed user records including email addresses, screen names and bcrypt password hashes.
Passwords in this breach were reportedly stored as bcrypt hashes.
In September 2024 the Internet Archive (archive.org / the Wayback Machine) suffered a breach in which a threat actor exfiltrated a 6.4 GB authentication database containing roughly 31 million unique user records. The most recent record timestamp was September 28, 2024, indicating when the data was taken. The compromise became public on October 9, 2024, when visitors to archive.org saw a JavaScript pop-up planted by the attacker announcing the breach, and Have I Been Pwned confirmed it had received the stolen data. The exposed records included email addresses, screen names/usernames, password-change timestamps, and Bcrypt-hashed (salted) passwords; passwords were not stored in plaintext. The incident was notable for hitting a nonprofit cultural-heritage institution amid concurrent (reportedly unrelated) DDoS activity.
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Passwords
- Usernames
Breach details
| Detail | Value |
|---|---|
| Breach name | Internet Archive |
| Date | September 28, 2024 |
| Accounts affected | 31,081,179 |
| Domain | archive.org |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Internet Archive; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Change your Internet Archive (archive.org) password, and if you reused it anywhere else, change it on those sites too.
- Even though the exposed passwords were Bcrypt-hashed rather than plaintext, treat the password as compromised and replace it with a unique passphrase stored in a password manager.
- Enable two-factor authentication on accounts linked to the exposed email address to defend against credential-stuffing using these records.
- Watch for phishing emails that reference the Internet Archive or your username, since the leaked email-and-username pairings can be used to craft convincing lures.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Internet Archive hacked, data breach impacts 31 million users — BleepingComputer
- Internet Archive Data Breach — Have I Been Pwned