It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

In the news

This October, our friends at the Internet Archive are experiencing multiple waves of digital attacks. Earlier this month, the home to the popular Wayback Machine archival tool suffered both a denial-of-service attack that overwhelmed the service with traffic, rendering it inaccessible, as well as a breach that exposed emails and encrypted passwords from more than 31 million user accounts. While the team has recently resumed partial service, we learned this past weekend that it also suffered a continued attack on its email support service. Read more here.

What you can do

  • Quick win: Many journalists depend on the Internet Archive for research and may have accounts implicated in this month’s breach of sensitive credentials. You can enter your email on Have I Been Pwned to see if your personal data is included in the breach.
  • Damage control: If your information is in one of these breaches, you’ll want to change the password for the affected account, as well as passwords for other accounts that may share the same email address and password. While the passwords in this month’s breach are encrypted and are unlikely to be readily usable to attackers, they may attempt to crack them. This is one reason we often recommend using a password manager to automatically generate and securely store unique passwords for each service, thereby isolating the breach to just the affected service. Read our guide to choosing a password manager.
  • Support the Internet Archive: If you have the means, help the Internet Archive get back on its feet. While its normal donation page is down as of Oct. 21, it is advertising a PayPal to accept donations.

Updates from our team

  • Come work with us as a digital security trainer! In this role, you’ll facilitate customized digital security courses, write educational materials — maybe even write this very newsletter — and more. Please feel free to reach out with any questions you have about the role. We will close the application before long, so check out the job post as soon as you can.
  • My colleague David Huerta just published a new advice column on the efficacy of antivirus tools. Check it out.
  • Have you been to freedom.press lately? We’ve recently launched a newly redesigned website. Take a look at our new site and let us know if you have any feedback.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin

Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation