Confirmation of the Breach
Hunt verified the authenticity of the breach by contacting users listed in the stolen database, including cybersecurity researcher Scott Helme, who confirmed that his credentials were included. Helme’s bcrypt-hashed password and timestamp matched records in his password manager.
9887370, [email protected],$2a$10$Bho2e2ptPnFRJyJKIn5BiehIDiEwhjfMZFVRM9fRCarKXkemA3PxuScottHelme,2020-06-25,2020-06-25,[email protected],2020-06-25 13:22:52.7608520,\N0\N\N@scotthelme\N\N\N
Password manager entry for archive.org
Source: Scott Helme
Internet Archive Yet to Respond
Despite Hunt’s efforts to contact the Internet Archive about the breach, there has been no official response from the organization. The breach reportedly occurred on September 28th, 2024, and the threat actor hinted that the data would soon be loaded into HIBP.