The Internet Archive Is Under DDoS Attack theverge.com

Jason Scott:

Someone is DDOSing the internet archive, so we’ve been down for hours. According to their twitter, they’re doing it just to do it. Just because they can. No statement, no idea, no demands.

An X account claiming responsibility says it is a politically motivated attack. If that is true, it is an awfully stupid rationale and a poor choice of target.

Wes Davis, the Verge:

Here’s what the popup said:

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”

HIBP refers to Have I Been Pwned?, a website where people can look up whether or not their information has been published in data leaked from cyber attacks. It’s unclear what is happening with the site, but attacks on services like TweetDeck have exploited XSS or cross-site scripting vulnerabilities with similar effects.

I have no idea if this group actually obtained any Internet Archive user data. The site has only a placeholder page directing visitors to its X account for status updates, but I see nothing there or on Brewster Kahle’s personal one.

Update: Three minutes after publishing this post, I received an alert from Have I Been Pwned that my Internet Archive account was one of over 31 million total which had been exposed. Troy Hunt, who runs HIBP, and Lawrence Abrams of Bleeping Computer both tried contacting the Internet Archive with no response.