The Internet Archive (archive.org) was hit by a cyber attack on Wednesday afternoon, when users visiting the website were greeted by a pop-up message claiming that the site had been hacked.
Around 9pm US time on Wednesday, founder Brewster Kahle confirmed that the site had been subjected to an attack, where a JavaScript library was used to alter the website. It is The Verge that has reported the case.
The website is not available at the time of writing.
31 million users' info has been leaked
The message on the pop-up read:
“Have you ever felt that the Internet Archive is on the verge of a major security breach? It happened now. See 31 million of you at HIBP!”
HIBP, which stands for "Have I Been Pwned?", is a service where users can check if their information has been leaked in a cyber attack. Troy Hunt, the operator of HIBP, confirmed that he received a file nine days earlier containing information on 31 million users, including email addresses and encrypted passwords. Hunt explained that 54 percent of these were already in HIBP's database from previous leaks.
The users notified on the website
In a series of tweets, Hunt laid out the details of the incident, from the initial contact with the Internet Archive on October 6, to today's DDoS attack that occurred while they were loading the data into HIBP to alert users.
After the message was closed, the website functioned slowly, and later in the afternoon the website was unavailable.
A placeholder message informed visitors that "Internet Archive services are temporarily unavailable," and referred to the site's account on X (formerly Twitter) for updates.
Control of the attack
Jason Scott, an archivist at the Internet Archive, confirmed that the site experienced a DDoS attack, where the attack was apparently carried out without specific demands. During the evening, Kahle confirmed that they had gained control of the attack:
An account on X named SN_Blackmeta claimed to be behind the attack, suggesting another attack was planned for the next day.