The popular science news journal site EurekAlert is down after a major breach in which hackers leaked embargoed news releases and studies on Twitter. EurekAlert said it was notified of a "potential breach" on 11 September, which sparked an investigation. It later emerged that the site underwent "an aggressive attack" on 9 September.
The site's registrants' usernames and passwords are believed to have been compromised. However, EurekAlert stressed that financial information of subscribers and subscribing institutions is not stored on the site, indicating that this particular data set may not have been affected by the breach. At the time of writing, the site remains down. EurekAlert said its team was working to "bring the site back online as soon as we can ensure that vulnerabilities have been eliminated".
"The EurekAlert! website has been taken offline as AAAS works diligently to address a serious security breach. We are taking this step out of an abundance of caution. The integrity of content on our website is of the utmost concern to us. As we were working to implement a secure password-reset protocol for all registrants, the unknown hacker publicly released an embargoed EurekAlert! news release. We then decided to bring the site down immediately, to protect other embargoed content," said Ginger Pinholster, Chief Communications Officer and Director for AAAS (the American Association for the Advancement of Science).
The EurekAlert site is run by AAAS and stores information on specific scientific research. Researchers and institutions submit specific findings and studies to the site under embargo, to be later published by journalists at a given date.
It is still unclear how the hackers managed to gain access to the site and to the usernames and passwords. Their motive in leaking embargoed content is also not clear. IBTimes UK has reached out to EurekAlert for further comments on the incident and will update this article in the event of a response.
Ginger Pinholster, Chief Communications Officer and Director for AAAS, told IBTimes UK that the hacker's identity is yet to be discovered, adding that "he or she used an ISP address in the UK, but this could have been a proxy; the individual could have been anywhere in the world".
An update on the EurekAlert site also said: "Through the continuous and painstaking efforts of a large team of IT professionals at AAAS, the entire EurekAlert! system environment has now been rebuilt, and we have subjected it to multiple rounds of cyber-security testing to ensure that it meets the highest standards of security. Some 300,000 news releases in our historic archive, dating to the site's inception in 1996, have been safely migrated into the new system environment."
The site, however, remains down.