Story updated Oct. 10 with additional expert comment regarding the DDoS attack on the Wayback Machine and the extent of control the attackers appear tpo have gained.
Hackers have compromised the Internet’s past, the Internet Archive’s Wayback Machine, stealing 31 million passwords and launching a massive Distributed Denial of Service attack in the process. It is unclear if the two security incidents, the compromise of the Internet Archive’s authentication database containing registered member details, including hashed passwords, and the denial of service attack, are related. However, the evidence does seem to be pointing in the direction of this being a targeted attack by the same threat actor.

The first clue that something was wrong came from the service itself, with the display of a JavaScript alert popup for visitors to the archive.org site which read:
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”Troy Hunt, the founder of the Have I Been Pwned data breach notification service referenced in the hacker’s note, told Bleeping Computer, the first to report on the news, that the threat actor had shared a 6.4GB database with them some days ago. This authentication database, which appears to be genuine and from the Internet Archive, contained “authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data,” Hunt told Bleeping Computer founder and editor Lawrence Abrams.
The last timestamp in that database gives a clue as to when the breach occurred, September 18. According to Hunt, there are 31 million records in the database which will be added to the HIBP service soon so as to enable people to see if their data has been exposed by this attack.