Last week, hackers defaced the Internet Archive website with a message that said, "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"
HIBP is a reference to Have I Been Pwned, which was created by security researcher Troy Hunt and provides information and notifications on data breaches. The hacked Internet Archive data was sent to Have I Been Pwned and "contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data," BleepingComputer wrote.
Kahle said on October 9 that the Internet Archive fended off a DDoS attack and was working on upgrading security in light of the data breach and website defacement. The next day, he reported that the "DDoS folks are back" and had knocked the site offline. The Internet Archive "is being cautious and prioritizing keeping data safe at the expense of service availability," he added.
"Services are offline as we examine and strengthen them... Estimated Timeline: days, not weeks," he wrote on October 11. "Thank you for the offers of pizza (we are set)."