Eurekalert pulls everybody’s access after security breach

For many science journalists, a week would not be complete without one or more trips to the Eurekalert website. Put together by the American Association for the Advancement of Science, Eurekalert is one-stop-shopping for press releases about the latest scientific findings, aggregating material provided by scientific journals, research institutions, and more.
If you’re an established science journalist, you can also sign up for access to news before it’s news. Log in with the right credentials, and you can see press releases and, in many cases, entire research papers up to a week before they’re unleashed on the public. You just have to agree to never publish anything about the work until a specific date and time—the information is under an embargo until then.
Late Tuesday night, however, access to the site vanished, replaced by a notice that the site had been hacked and that the hackers had started leaking embargoed press releases. Only two releases made it out before access was pulled, and if those are anything to go on, the hackers have absolutely no sense of what makes for cutting-edge science.
Currently, a visit to the Eurekalert home page will bring you to a notice with the following information:

"We are taking this step out of an abundance of caution. The integrity of content on our website is of the utmost concern to us. On September 11, we were notified of a potential breach to our system. An investigation revealed that our website had experienced an aggressive attack on September 9 that compromised usernames and passwords. As we were working to implement a secure password-reset protocol for all registrants, the unknown hacker publicly released an embargoed EurekAlert! news release. We then decided to bring the site down immediately, to protect other embargoed content."
The universities and journals that post to the site pay for the privilege, but that payment information was not on the compromised server. Journalists who have registered with the site, however, should be aware that their login information was compromised; they can now desperately try to figure out what other sites they used that 15-year-old password for. An equally large concern is how to get access to the articles from Science, which are scheduled to come out from embargo at 2pm Eastern tomorrow.
As for what motivated the hackers themselves, it was possible that they either objected to the embargo process or were interested in liberating scientific information, much like the woman behind SciHub. If so, they would undoubtedly have chosen to make high-profile science part of their leak. When we contacted the people behind Eurekalert to find out, however, it became obvious that the hackers had no idea what they were doing when it comes to science news.
One of the leaked releases was about a study that linked excessive TV consumption in children with a variety of social ills. It seems like solid research, but it’s published in a relatively obscure journal and wasn’t likely to have made a big splash given that it’s in a fairly well-studied area. The second was about the adoption of technology like Google Glass by surgeons—again, terrain that has been pretty well covered.
The leaked press releases weren’t even set loose well ahead of the embargo time, as Eurekalert’s Brian Lin told Ars that they would have been made public by now anyway. And none of the vast number of research papers were made public.
So unless anything changes, no critical scientific or financial information seems to have been set loose by this hack, and the hackers don’t seem to have any ideological agenda. The hackers either hit Eurekalert just because it was there or to get the username/password combinations in the hope that they were also used somewhere with more valuable information.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.