The Internet Archive is under attack, with a breach revealing info for 31 million accounts



When visiting The Internet Archive (www.archive.org) on Wednesday afternoon, The Verge was greeted by a pop-up claiming the site had been hacked. Just after 9PM ET, Internet Archive founder Brewster Kahle confirmed the breach and said the website had been defaced with the notification via a JavaScript library.

Here’s what the popup said:

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”

HIBP refers to Have I Been Pwned?, a website where people can look up whether or not their information has been published in data leaked from cyber attacks. HIBP operator Troy Hunt confirmed to Bleeping Computer that nine days ago, he received a file containing “email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data” for 31 million unique email addresses, and confirmed it was valid by matching data with a user’s account.

A tweet from HIBP said 54 percent of the accounts were already in its database from previous breaches. In posts on his account, Hunt gave further details on the timeline: he contacted the IA about the breach on October 6th and was moving forward with the disclosure process when the site was defaced and DDoS’d today, at the same time the data was being loaded into HIBP to begin notifying affected users.

Once the message was closed, the site loaded normally, albeit slowly.

As of 5:30PM ET, the popup was gone, but so was the rest of the site, leaving either nothing or a placeholder message saying “Internet Archive services are temporarily offline” and directing visitors to the site’s account on X for updates.

Jason Scott, an archivist and software curator of The Internet Archive, said the site was experiencing a DDoS attack, posting on Mastodon that “According to their twitter, they’re doing it just to do it. Just because they can. No statement, no idea, no demands.”

Later Wednesday evening, Brewster Kahle of the IA confirmed the breach in a post on X:

What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.

What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.

Will share more as we know it.

An account on X called SN_Blackmeta said it was behind the attack and implied that another attack was planned for tomorrow. The account also posted about DDoSing the Archive in May, and Scott has previously posted about attacks seemingly aimed at disrupting the Internet Archive.

We’ve reached out to the organization for more information.

Update, October 9th: Added information from HIBP and BleepingComputer, and Brewster Kahle’s confirmation of the breach.


