The Internet Archive, a nonprofit organization which serves to archive digital materials that otherwise might be entirely lost to time, recently became subject to a data breach and Distributed Denial of Service (DDoS) attacks.

The data breach likely occurred on Sept. 28, the most recent date that was seen in the stolen data. This attack led to roughly 31 million accounts being compromised, with email addresses and encrypted passwords being stolen. The Archive’s materials are reported to be intact.

On Oct. 9, the wider public became alerted of this breach when visitors of archive.org were met with a message from a hacker, stating, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on [Have I Been Pwnd].” That afternoon, Have I Been Pwned, a service that allows users to enter their email address to see if it appears in a comprehensive database of data breaches, sent email alerts to their subscribers to notify them of the hack if they had an Internet Archive account that was compromised.

On the same day, the Internet Archive was also subjected to DDoS attacks, which shut down their servers by flooding them with fake traffic. On Oct. 14, archive.org returned as a read-only service, meaning that users could only access their wayback machine to view old snapshots of websites, but could not submit their own. As of Oct. 21, the Internet Archive is currently back online, though the ability to log in has been deactivated.

On Oct. 20, the Internet Archive was once again breached, where hackers gained access to their Zendesk email support platform and were able to view support tickets from the organization, which allowed hackers to access personal identification documents that users had submitted to the archive.