Internet Archive Offline From Denial of Service Attack; 31 Million Accounts Leaked

Dan Goodin, writing for Ars Technica last week:

Archive.org, one of the only entities to attempt to preserve the entire history of the World Wide Web and much of the broader Internet, was recently compromised in a hack that revealed data on roughly 31 million users.

Wes Davis, writing for The Verge:

Jason Scott, an archivist and software curator at the Internet Archive, said the site was experiencing a DDoS attack, posting on Mastodon that “according to their twitter, they’re doing it just to do it. Just because they can. No statement, no idea, no demands.”

The site is still down as of this writing. (Update/clarification below.)

Brewster Kahle, founder and “Digital Librarian” of Internet Archive, has been providing updates via his X/Twitter account, noting that the “data has not been corrupted” and “is safe,” which surely comes as a huge relief to both Kahle and the millions of fans and users of the Internet Archive.

The Wayback Machine part of the site—the part most of us use—has now “resumed in a provisional, read-only manner,” though it may get “suspended again” for “further maintenance,” said Kahle in a Sunday night post.

The data breach—which consisted of at least a user accounts database—apparently happened at the end of September; it doesn’t appear to be directly related to the denial of service attack.

Lawrence Abrams from Bleeping Computer says of the leak:

The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

This leak will impact Internet Archive users, but hopefully will have minimal impact on the service itself. Assuming that’s all that was leaked.

The hacker who apparently infiltrated the system left a taunt:

Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!

(HIBP is Have I Been Pwned, a website that collects and notifies users of data breaches like this.)

Last week in “Saving the Internet Archive” I wrote:

We also need to address the “single point of failure” nature of the Internet Archive. These recent lawsuits—or future ones—could very well kill the nonprofit, and with it, petabytes of valuable archives.

The lawsuits were the stated context, but implicit in it was that this valuable trove of data exists in just one place—hopefully not literally, but certainly figuratively. Any type of disaster—financial, natural, or, like here, man-made—could wipe it out, a calamitous outcome.

Perhaps this crisis brings attention to the important work the Internet Archive is doing, and the limited resources it has to do it. As important an institution as many of us think it is, it is, as I noted in my piece, supported by donations amounting to a mere $30 million a year, with expenses of $26 million. As I wrote:

I’d be surprised if that’s sufficient to continue archiving the ever-growing digital world—and to defend itself from lawsuits.

Now I must add, ‘… and against hackers’.
