The Internet Archive has faced a barrage of cyberattacks

The Internet Archive, a nonprofit digital library that has served as a main repository of internet history, is back online with limited functionality after weeks of being harassed by hackers.

Brewster Kahle, the Archive’s founder, wrote on his social media channels Sunday night that services had resumed in a read-only mode and that new webpages can’t be saved yet.

“Safe to resume but might need further maintenance, in which case it will be suspended again. Please be gentle,” Kahle wrote.

The California-based Archive has run the Wayback Machine, devoted to preserving the internet as a historical and cultural artifact, since 1996. It has taken more than 150 billion snapshots of webpages and uploaded hundreds of thousands of movies, concert recordings, books and software programs.

For reasons that are not clear, the Archive has been the victim of at least three recent attacks: the theft of tens of millions of users’ usernames and email addresses; a brief defacement of the site; and repeatedly being knocked offline for days by overwhelming it with traffic, a tactic known as a Distributed Denial of Service (DDoS) attack.

It’s unclear if the same party was responsible for all three.

The theft of usernames and passwords happened first. Troy Hunt, who runs the website Have I Been Pwned, a database for people to check whether their information has been breached online, posted on X that on Sept. 30 he received the breach of 31 million users’ usernames, email addresses and encrypted passwords. The Archive does not store significant user information.

Starting on Tuesday, the Archive came under repeated DDoS attacks and was briefly replaced with a taunting message from the hackers. 

A spokesperson for the Archive declined to comment on who was responsible for the attacks, saying that “the team is focused on resolving things.”

A hacker group claimed on its X and Telegram channels to be responsible before the second day of attacks. The group claims to be Russia-based, anti-Israeli and anti-U.S. hacktivists, though it’s common for both criminal and nation-backed hackers to deliberately lie about their identities. In a bizarre, rambling screed on X, the group claimed they had attacked the Archive for violating copyright, a reference to the nonprofit losing a lawsuit over digitizing books so that anyone could read them.

Jake Moore, the global cybersecurity adviser for the cybersecurity company ESET, said that while hackers are often motivated by money or a government’s interests, like conducting cyberespionage, it can be difficult to speculate why someone would seek to disrupt a nonprofit generally seen as promoting the public good.

“It’s often difficult to know the true reason,” Moore said. “We never really know the true motivation behind most attacks until much later, if at all.”