I don’t give a …

This story is about the wise decision I made many years ago and have been preaching on this site and Octagon Technology and CyberAwake and every course and talk I have given.

The Internet Archive and Wayback Machine webistes have been hacked and the user authentication database containing 31 million unique records has been stolen by hackers.

This database contains a lot of interesting information:

The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

Lawrence Abrams. Bleeping Computer

I am one of those registered members!

Internet Archive hacked
HIBP – refers to the website Have I Been Pwned a data breach notification service

At the moment the Internet Archive is offline and they are not responding to media requests. (May be they should read this article – Before! – Ransomware Part 9 – particularly the bit about dealing with stakeholders during an incident.)

Closed for business – by Friday they had this up

Your Takeaway

This data does reveal much information about the registered members, but in my case most of that is readily available in the public domain. The one way this could be directly useful to hacker is if the stolen password hashes could be reused on other sites, where the users login in with that exact email and password combination. This is often refered to as password recycling.

I do not recycle my passwords – so I do not give a…

Neither should you or your team reuse passwords if you have been reading my blog for any length of time.

If you want a helping hand with passwords and authentication, I have a Back-to-Basics Primer that will help:

Or get in contact and I’ll run and online password refresher course for you and your team.

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

Internet Archive hacked, data breach impacts 31 million users (bleepingcomputer.com)