EurekAlert! taken offline after being hacked
EurekAlert!, the embargoed news source run by the American Association for the Advancement of Science (AAAS), has been temporarily taken offline following a “serious security breach.”
Ginger Pinholster, AAAS chief communications officer and director, office of public programs, said in a statement posted to the site last night at 10:10 p.m. Eastern that usernames and passwords had been compromised, and that embargoed information had been released.
Pinholster tells Embargo Watch that two embargoed releases were released early, and that:
The unknown individual was not selling login information. He seemed motivated to see whether he could breach EurekAlert!.
All of the site’s URLs now direct to a page with this message:
The EurekAlert! website has been taken offline as AAAS works diligently to address a serious security breach.
We are taking this step out of an abundance of caution. The integrity of content on our website is of the utmost concern to us. On September 11, we were notified of a potential breach to our system. An investigation revealed that our website had experienced an aggressive attack on September 9 that compromised usernames and passwords. As we were working to implement a secure password-reset protocol for all registrants, the unknown hacker publicly released an embargoed EurekAlert! news release. We then decided to bring the site down immediately, to protect other embargoed content.
Please be assured that financial information from subscribing institutions is not stored on the EurekAlert! website and therefore remained secure. Registrants’ usernames and passwords were compromised, however.
We deeply regret the inconvenience that this security breach and the related site outage may cause reporters and public information officers. We will bring the site back online as soon as we can ensure that vulnerabilities have been eliminated. Please email the EurekAlert! team at firstname.lastname@example.org, or contact me directly with any questions or concerns.