All links pointing to the site now redirect to a page that informs users of the incident. The page is dated September 13, 2016 – 10:10 p.m. EDT.
In the statement plastered to its homepage, EurekAlert said it was notified of a possible security breach on September 11 and that, in response, its staff started preparing a password reset for all user accounts.
A subsequent investigation revealed that someone had aggressively tried to hack into the service on September 9.
EurekAlert, which is a science news journal run by the American Association for the Advancement of Science (AAAS), holds not only information on site subscribers but also scientific research that scholars submit to the website under embargo, to be published on a specific date.
Ginger Pinholster, Chief Communications Officer and Director for AAAS, says that while the EurekAlert staff was working to reset user passwords, the hacker started releasing embargoed news articles based on unpublished research.
Staffers quickly identified the files as stolen from the site and shut down their website for an in-depth investigation and the implementation of new security protocols.
EurekAlert says that only passwords from user accounts appear to have been compromised, not financial information from subscribing institutions.
Softpedia has reached out to AAAS for additional comment on the incident. The EurekAlert breach notification is embedded below, in both image and text formats.
EurekAlert Statement:
September 13, 2016 – 10:10 p.m. EDT
Dear EurekAlert! Registrants:
The EurekAlert! website has been taken offline as AAAS works diligently to address a serious security breach.
We are taking this step out of an abundance of caution. The integrity of content on our website is of the utmost concern to us. On September 11, we were notified of a potential breach to our system. An investigation revealed that our website had experienced an aggressive attack on September 9 that compromised usernames and passwords. As we were working to implement a secure password-reset protocol for all registrants, the unknown hacker publicly released an embargoed EurekAlert! news release. We then decided to bring the site down immediately, to protect other embargoed content.
Please be assured that financial information from subscribing institutions is not stored on the EurekAlert! website and therefore remained secure. Registrants’ usernames and passwords were compromised, however.
We deeply regret the inconvenience that this security breach and the related site outage may cause reporters and public information officers. We will bring the site back online as soon as we can ensure that vulnerabilities have been eliminated. Please email the EurekAlert! team at email@example.com, or contact me directly with any questions or concerns.
Chief Communications Officer and Director, Office of Public Programs
American Association for the Advancement of Science
firstname.lastname@example.org / 202-326-6421