A group linked to a pro-Palestinian hacktivist movement has launched a catastrophic cyberattack revealing the details of 31 million people, compromising their email addresses and screen names.

An account on X under the name SN_BlackMeta claimed responsibility for the attack on The Internet Archive, a nonprofit organization, and implied that further attacks were planned. The Internet Archive is known for its digital library and the Wayback Machine. SN_BlackMeta has previously been linked to an attack against a Middle Eastern financial institution earlier this year, and a security firm has linked it to a pro-Palestinian hacktivist movement.

Encrypted passwords were also exposed and although these are relatively safe, users have been advised to change their passwords. And one expert has told Newsweek people should avoid browsing or using any files obtained from the site until it has declared an “all clear.”

  • barsoap@lemm.ee
    link
    fedilink
    English
    arrow-up
    49
    ·
    3 months ago

    They aren’t, newsweek is calling it encryption because they’re writing for normies. The leaked data includes bcrypt’ed passwords, so hash and per-password salt. Their choice of hashing function is not what you want to criticise the IA for.

    • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      3 months ago

      bcrypt, to save you time.

      Anyway, I’d be curious to see that data. It also got my email that I only used for donations to IA. I wonder what data is associated with that email.
      Not sure where to start searching for that data.

    • AmidFuror@fedia.io
      link
      fedilink
      arrow-up
      2
      arrow-down
      14
      ·
      3 months ago

      Downvoted for “normies” because it appears to be any person whose specialized knowledge set does not include cryptography.

      • barsoap@lemm.ee
        link
        fedilink
        English
        arrow-up
        15
        ·
        edit-2
        3 months ago

        Every sys/devops and programmer will know what a hash is, salt at least the sys/devops.

        The general population though will be thinking of hash browns when hearing those terms and “encrypted” is absolutely close enough. So close that insisting on the difference in a non-technical context is definitely pedantic.

        • thejml@lemm.ee
          link
          fedilink
          English
          arrow-up
          6
          ·
          3 months ago

          Damn, hash browns sound great right about now.

          And as a DevOps engineer, I’m going to be hungry every time I deal with passwords and api keys now.

        • AmidFuror@fedia.io
          link
          fedilink
          arrow-up
          2
          ·
          3 months ago

          That’s my point. All news articles on technical and scientific topics are written for “normies,” including likely the commenter for many disciplines. Seemed to be used derogatorily to me, but I’ll concede I could have misinterpreted.